
heythatsanam

  1. Hi there!!! Can someone please help me with my computer? I am having problems with how slow and long it takes to open the internet browser. I also feel like I may possibly have a virus since it redirects me to unknown websites such as Wow.com. I have programs that I haven't even heard of! I would greatly appreciate if you could help me speed my internet and minimize any unnecessary programs. Thanks
  2. Hi there, Can someone help me with my computer? Whenever I turn my computer on, it takes forever for the icons to load and when I have to use Firefox! On my Control panel, it shows Search protect programs which are viruses! Please help me with my computer!!!!
  3. Hi MrCharlie, Thank you once again for all your help. Here are the following logs you've requested: Fixlist LOG Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01 Ran by Owner at 2014-04-03 16:06:00 Run:1 Running from C:\Documents and Settings\Owner\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - URL http://search.condui...7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://search.zoneal...hDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&&r=281 CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\Owner\Application Data\CamLayout.ini C:\Documents and Settings\Owner\Application Data\CamShapes.ini AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} => Key not found. HKCR\Wow6432Node\CLSID\{F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} => Key not found. HKCU\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Key deleted successfully. "CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found. HKLM\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Key deleted successfully. "CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found. "C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll" => File/Directory not found. "C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe" => File/Directory not found. C:\Documents and Settings\Owner\Application Data\CamLayout.ini => Moved successfully. C:\Documents and Settings\Owner\Application Data\CamShapes.ini => Moved successfully. C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully. 
==== End of Fixlog ==== AdwCleaner LOG # AdwCleaner v3.023 - Report created 03/04/2014 at 16:11:13 # Updated 01/04/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Owner - ANAM-RNFR3WMDD7 # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042\prefs.js ] [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ] [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ] ************************* AdwCleaner[R5].txt - [1274 octets] - [03/04/2014 16:07:58] AdwCleaner[s4].txt - [1199 octets] - [03/04/2014 16:11:13] ########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1259 octets] ########## Malwarebytes LOG Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.01.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: ANAM-RNFR3WMDD7 [administrator] 4/3/2014 4:17:53 PM mbam-log-2014-04-03 (16-17-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 264231 Time elapsed: 16 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry 
Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 31-03-2014 23:12:42 Running from C:\Documents and Settings\Owner\My Documents\Downloads Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\capp.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] - ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( ) FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [94016 2014-02-03] (Dell) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) 
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] () S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 22:18 - 2014-03-31 22:19 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 20:41 - 2014-03-31 20:43 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and 
Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe 2014-03-31 18:06 - 2014-03-31 18:07 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt 2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-03-31 14:38 - 2014-03-31 16:06 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver 2014-03-30 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\FRST 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 
15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:49 - 2014-03-31 14:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () 
C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-19 00:37 - 2014-03-31 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 17:43 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk ==================== One Month Modified Files and Folders ======= 2014-03-31 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST 2014-03-31 23:00 - 2011-10-06 21:12 - 01807447 _____ () C:\WINDOWS\WindowsUpdate.log 
2014-03-31 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-31 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job 2014-03-31 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-31 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-31 22:46 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-31 22:45 - 2011-10-06 17:29 - 00032320 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-31 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini 2014-03-31 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job 2014-03-31 22:21 - 2011-10-06 17:29 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-03-31 22:19 - 2014-03-31 22:18 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 22:13 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-31 20:43 - 2014-03-31 20:41 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:52 - 2014-02-22 20:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb 2014-03-31 18:52 - 2014-02-22 20:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 
2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe 2014-03-31 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job 2014-03-31 18:16 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini 2014-03-31 18:16 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini 2014-03-31 18:16 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-31 18:10 - 2013-10-29 11:17 - 00000000 ____D () C:\Program Files\Dell 2014-03-31 18:07 - 2014-03-31 18:06 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt 2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 17:20 - 2011-10-08 03:50 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google 2014-03-31 17:20 - 2011-10-08 03:49 - 00000000 ____D () C:\Program Files\Google 2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log 2014-03-31 16:58 - 
2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-03-31 16:58 - 2014-02-22 21:14 - 00000000 ____D () C:\Program Files\Windows Desktop Search 2014-03-31 16:06 - 2014-03-31 14:38 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-31 14:33 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-03-31 14:20 - 2011-10-06 17:29 - 00000000 ____D () C:\Documents and Settings\Owner 2014-03-31 14:11 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-31 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job 2014-03-31 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job 2014-03-31 01:14 - 2012-07-08 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\white 2014-03-31 00:48 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents 
and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia 2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt 2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini 2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat 2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml 2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and 
Settings\Owner\Application Data\Crack the DAT 2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT 2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt 2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters 2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt 2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc 2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt 2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt 2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk 2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-10 16:51 - 
2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk 2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt 2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs 2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype 2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype Files to move or delete: ==================== C:\Documents and Settings\Owner\Application Data\CamLayout.ini C:\Documents and Settings\Owner\Application Data\CamShapes.ini ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Owner at 2014-03-31 23:13:45 Running from C:\Documents and Settings\Owner\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden 
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) B57Inst (Version: 3.40 - Broadcom) Hidden BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - ) Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom) Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation) Course Saver Desktop (HKLM\...\com.coursesaver.desktop) (Version: 2.1.18 - UNKNOWN) Course Saver Desktop (Version: 2.1.18 - UNKNOWN) Hidden Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software) Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT) Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2546.03 - Dell) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google) Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - ) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - ) WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft 
Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Restore Points ========================= 14-01-2014 17:49:57 System Checkpoint 15-01-2014 05:54:45 Software Distribution Service 3.0 16-01-2014 07:09:59 Software Distribution Service 3.0 17-01-2014 21:17:33 System Checkpoint 18-01-2014 22:58:06 System Checkpoint 20-01-2014 01:13:57 System Checkpoint 21-01-2014 06:25:08 System Checkpoint 22-01-2014 06:26:14 System Checkpoint 24-01-2014 20:28:07 System Checkpoint 26-01-2014 01:13:14 System Checkpoint 27-01-2014 01:44:57 System Checkpoint 28-01-2014 15:21:36 System Checkpoint 29-01-2014 22:51:49 System Checkpoint 31-01-2014 01:33:13 System Checkpoint 01-02-2014 01:42:05 System Checkpoint 02-02-2014 01:38:00 Removed Bing Bar 02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software 02-02-2014 01:47:27 Removed HP Officejet 4620 series Help 03-02-2014 02:40:44 System Checkpoint 04-02-2014 21:11:53 System Checkpoint 06-02-2014 03:04:23 System Checkpoint 06-02-2014 07:03:59 Removed I.R.I.S. OCR 06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study 06-02-2014 07:11:03 Removed HP Update. 
06-02-2014 07:11:45 Removed Skype™ 6.13 07-02-2014 08:00:36 Software Distribution Service 3.0 09-02-2014 05:42:28 System Checkpoint 10-02-2014 08:50:26 System Checkpoint 11-02-2014 23:23:49 System Checkpoint 13-02-2014 02:54:19 System Checkpoint 13-02-2014 08:01:12 Software Distribution Service 3.0 15-02-2014 05:33:36 System Checkpoint 18-02-2014 02:55:11 System Checkpoint 18-02-2014 05:35:50 Installed Achiever 19-02-2014 04:37:11 Removed Achiever 20-02-2014 04:53:35 System Checkpoint 21-02-2014 20:45:06 System Checkpoint 22-02-2014 22:21:19 System Checkpoint 23-02-2014 00:24:32 Installed Java 7 Update 51 23-02-2014 00:37:04 Pre Install Click 2 Fix restore point 23-02-2014 01:10:57 Software Distribution Service 3.0 23-02-2014 06:01:44 Software Distribution Service 3.0 24-02-2014 03:41:32 Software Distribution Service 3.0 25-02-2014 04:19:06 System Checkpoint 26-02-2014 04:54:36 System Checkpoint 28-02-2014 19:49:33 System Checkpoint 01-03-2014 23:21:00 System Checkpoint 03-03-2014 00:02:04 System Checkpoint 04-03-2014 02:44:31 System Checkpoint 05-03-2014 03:22:54 System Checkpoint 05-03-2014 18:48:36 Removed Skype™ 6.14 06-03-2014 21:14:35 System Checkpoint 07-03-2014 21:57:53 System Checkpoint 09-03-2014 01:47:24 System Checkpoint 10-03-2014 07:02:03 System Checkpoint 10-03-2014 21:15:08 Software Distribution Service 3.0 12-03-2014 01:43:49 Software Distribution Service 3.0 14-03-2014 18:44:02 System Checkpoint 16-03-2014 21:39:54 System Checkpoint 17-03-2014 23:51:10 System Checkpoint 19-03-2014 00:49:57 Software Distribution Service 3.0 20-03-2014 18:59:19 System Checkpoint 21-03-2014 19:24:05 System Checkpoint 22-03-2014 22:07:14 System Checkpoint 29-03-2014 03:46:25 Installed Camtasia Studio 8 29-03-2014 06:13:12 Removed Camtasia Studio 8 29-03-2014 06:38:58 Restore Operation 29-03-2014 06:51:15 Installed Camtasia Studio 6 29-03-2014 07:01:10 Software Distribution Service 3.0 30-03-2014 02:02:19 Software Distribution Service 3.0 31-03-2014 02:21:48 System 
Checkpoint 31-03-2014 20:19:53 Pre Install Click 2 Fix restore point 31-03-2014 22:11:12 Pre Install Click 2 Fix+ restore point 31-03-2014 22:44:06 Pre Install Click 2 Fix+ restore point 01-04-2014 02:34:09 Dell Click 2 Fix+ restore point ==================== Hosts content: ========================== 2002-09-03 12:34 - 2011-01-12 18:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-31 18:44 - 2014-02-03 23:33 - 00166216 _____ () C:\Program Files\Dell\Click 2 Fix+\SSLEAY32.DLL 2014-03-31 18:44 - 2014-02-03 23:29 - 00833856 _____ () C:\Program Files\Dell\Click 2 Fix+\LIBEAY32.dll 2014-03-31 18:44 - 2014-02-03 23:32 - 00579576 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll 2014-03-31 18:44 - 2014-02-03 23:30 - 00018240 _____ () C:\Program 
Files\Dell\Click 2 Fix+\node.dll 2014-03-31 22:13 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-08-19 23:01 - 2013-08-19 23:01 - 16166280 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => 
"ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => 
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service wsearchidxpi (wsearchidxpi) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service UGTHRSVC (UGTHRSVC) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service UGatherer (UGatherer) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. 
BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update. Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 02:36:03 PM) (Source: Application Hang) (User: ) Description: Fault bucket 1432846009. System errors: ============= Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . 
Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . 
Microsoft Office Sessions: ========================= Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: wsearchidxpiwsearchidxpi Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: UGTHRSVCUGTHRSVC Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: UGathererUGatherer Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.(NULL)(NULL)(NULL) Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 02:36:03 PM) (Source: Application Hang)(User: ) Description: 1432846009 ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 2046 MB Available physical RAM: 1473.93 MB Total Pagefile: 4968.77 MB Available Pagefile: 4585.54 MB Total Virtual: 2047.88 MB Available Virtual: 1958.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:34.04 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3) Partition: GPT Partition Type. ==================== End Of Log ============================
  5. Thank God, you are a lifesaver. I have check-boxed Addition.txt.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 31-03-2014 23:01:42
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\capp.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] -
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File
FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
========================== Services (Whitelisted) =================
R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [94016 2014-02-03] (Dell)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
==================== Drivers (Whitelisted) ====================
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] () S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 22:18 - 2014-03-31 22:19 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 20:41 - 2014-03-31 20:43 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and 
Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe
2014-03-31 18:06 - 2014-03-31 18:07 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt
2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-03-31 14:38 - 2014-03-31 16:06 - 00000120 _____ () C:\WINDOWS\setupact.log
2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk
2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk
2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver
2014-03-30 23:12 - 2014-03-31 23:01 - 00000000 ____D () C:\FRST
2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
2014-03-30 14:49 - 2014-03-31 14:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
2014-03-19 00:37 - 2014-03-31 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 17:43 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk

==================== One Month Modified Files and Folders =======

2014-03-31 23:01 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
2014-03-31 23:00 - 2011-10-06 21:12 - 01807447 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-31 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-31 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-03-31 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-31 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-31 22:46 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-31 22:45 - 2011-10-06 17:29 - 00032320 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-31 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-03-31 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job
2014-03-31 22:21 - 2011-10-06 17:29 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-31 22:19 - 2014-03-31 22:18 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-31 22:13 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 20:43 - 2014-03-31 20:41 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt
2014-03-31 18:52 - 2014-02-22 20:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-03-31 18:52 - 2014-02-22 20:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html
2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk
2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+
2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe
2014-03-31 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job
2014-03-31 18:16 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini
2014-03-31 18:16 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini
2014-03-31 18:16 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-31 18:10 - 2013-10-29 11:17 - 00000000 ____D () C:\Program Files\Dell
2014-03-31 18:07 - 2014-03-31 18:06 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt
2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2014-03-31 17:20 - 2011-10-08 03:50 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2014-03-31 17:20 - 2011-10-08 03:49 - 00000000 ____D () C:\Program Files\Google
2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-03-31 16:58 - 2014-02-22 21:14 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-03-31 16:06 - 2014-03-31 14:38 - 00000120 _____ () C:\WINDOWS\setupact.log
2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-31 14:33 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-31 14:20 - 2011-10-06 17:29 - 00000000 ____D () C:\Documents and Settings\Owner
2014-03-31 14:11 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
2014-03-31 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job
2014-03-31 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job
2014-03-31 01:14 - 2012-07-08 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\white
2014-03-31 00:48 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk
2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk
2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver
2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia
2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt
2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg
2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini
2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini
2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini
2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat
2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash
2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml
2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT
2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT
2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini
2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt
2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters
2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt
2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc
2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt
2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt
2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia
2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk
2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt
2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype

Files to move or delete:
====================
C:\Documents and Settings\Owner\Application Data\CamLayout.ini
C:\Documents and Settings\Owner\Application Data\CamShapes.ini

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition LOG

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Owner at 2014-03-31 23:03:07
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
B57Inst (Version: 3.40 - Broadcom) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
Course Saver Desktop (HKLM\...\com.coursesaver.desktop) (Version: 2.1.18 - UNKNOWN)
Course Saver Desktop (Version: 2.1.18 - UNKNOWN) Hidden
Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT)
Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2546.03 - Dell)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Restore Points =========================

14-01-2014 17:49:57 System Checkpoint
15-01-2014 05:54:45 Software Distribution Service 3.0
16-01-2014 07:09:59 Software Distribution Service 3.0
17-01-2014 21:17:33 System Checkpoint
18-01-2014 22:58:06 System Checkpoint
20-01-2014 01:13:57 System Checkpoint
21-01-2014 06:25:08 System Checkpoint
22-01-2014 06:26:14 System Checkpoint
24-01-2014 20:28:07 System Checkpoint
26-01-2014 01:13:14 System Checkpoint
27-01-2014 01:44:57 System Checkpoint
28-01-2014 15:21:36 System Checkpoint
29-01-2014 22:51:49 System Checkpoint
31-01-2014 01:33:13 System Checkpoint
01-02-2014 01:42:05 System Checkpoint
02-02-2014 01:38:00 Removed Bing Bar
02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
03-02-2014 02:40:44 System Checkpoint
04-02-2014 21:11:53 System Checkpoint
06-02-2014 03:04:23 System Checkpoint
06-02-2014 07:03:59 Removed I.R.I.S. OCR
06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
06-02-2014 07:11:03 Removed HP Update.
06-02-2014 07:11:45 Removed Skype™ 6.13 07-02-2014 08:00:36 Software Distribution Service 3.0 09-02-2014 05:42:28 System Checkpoint 10-02-2014 08:50:26 System Checkpoint 11-02-2014 23:23:49 System Checkpoint 13-02-2014 02:54:19 System Checkpoint 13-02-2014 08:01:12 Software Distribution Service 3.0 15-02-2014 05:33:36 System Checkpoint 18-02-2014 02:55:11 System Checkpoint 18-02-2014 05:35:50 Installed Achiever 19-02-2014 04:37:11 Removed Achiever 20-02-2014 04:53:35 System Checkpoint 21-02-2014 20:45:06 System Checkpoint 22-02-2014 22:21:19 System Checkpoint 23-02-2014 00:24:32 Installed Java 7 Update 51 23-02-2014 00:37:04 Pre Install Click 2 Fix restore point 23-02-2014 01:10:57 Software Distribution Service 3.0 23-02-2014 06:01:44 Software Distribution Service 3.0 24-02-2014 03:41:32 Software Distribution Service 3.0 25-02-2014 04:19:06 System Checkpoint 26-02-2014 04:54:36 System Checkpoint 28-02-2014 19:49:33 System Checkpoint 01-03-2014 23:21:00 System Checkpoint 03-03-2014 00:02:04 System Checkpoint 04-03-2014 02:44:31 System Checkpoint 05-03-2014 03:22:54 System Checkpoint 05-03-2014 18:48:36 Removed Skype™ 6.14 06-03-2014 21:14:35 System Checkpoint 07-03-2014 21:57:53 System Checkpoint 09-03-2014 01:47:24 System Checkpoint 10-03-2014 07:02:03 System Checkpoint 10-03-2014 21:15:08 Software Distribution Service 3.0 12-03-2014 01:43:49 Software Distribution Service 3.0 14-03-2014 18:44:02 System Checkpoint 16-03-2014 21:39:54 System Checkpoint 17-03-2014 23:51:10 System Checkpoint 19-03-2014 00:49:57 Software Distribution Service 3.0 20-03-2014 18:59:19 System Checkpoint 21-03-2014 19:24:05 System Checkpoint 22-03-2014 22:07:14 System Checkpoint 29-03-2014 03:46:25 Installed Camtasia Studio 8 29-03-2014 06:13:12 Removed Camtasia Studio 8 29-03-2014 06:38:58 Restore Operation 29-03-2014 06:51:15 Installed Camtasia Studio 6 29-03-2014 07:01:10 Software Distribution Service 3.0 30-03-2014 02:02:19 Software Distribution Service 3.0 31-03-2014 02:21:48 System 
Checkpoint 31-03-2014 20:19:53 Pre Install Click 2 Fix restore point 31-03-2014 22:11:12 Pre Install Click 2 Fix+ restore point 31-03-2014 22:44:06 Pre Install Click 2 Fix+ restore point 01-04-2014 02:34:09 Dell Click 2 Fix+ restore point ==================== Hosts content: ========================== 2002-09-03 12:34 - 2011-01-12 18:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-31 18:44 - 2014-02-03 23:33 - 00166216 _____ () C:\Program Files\Dell\Click 2 Fix+\SSLEAY32.DLL 2014-03-31 18:44 - 2014-02-03 23:29 - 00833856 _____ () C:\Program Files\Dell\Click 2 Fix+\LIBEAY32.dll 2014-03-31 18:44 - 2014-02-03 23:32 - 00579576 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll 2014-03-31 18:44 - 2014-02-03 23:30 - 00018240 _____ () C:\Program 
Files\Dell\Click 2 Fix+\node.dll 2014-03-31 22:13 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-08-19 23:01 - 2013-08-19 23:01 - 16166280 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => 
"ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => 
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
     MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

     ==================== Faulty Device Manager Devices =============

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
     Description: Unloading the performance counter strings for service wsearchidxpi (wsearchidxpi) failed. The Error code is the first DWORD in Data section.

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
     Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
     Description: Unloading the performance counter strings for service UGTHRSVC (UGTHRSVC) failed. The Error code is the first DWORD in Data section.

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
     Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
     Description: Unloading the performance counter strings for service UGatherer (UGatherer) failed. The Error code is the first DWORD in Data section.

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
     Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.

     Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
     Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.

     Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

     Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

     Error: (03/31/2014 02:36:03 PM) (Source: Application Hang) (User: )
     Description: Fault bucket 1432846009.

     System errors:
     =============
     Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
     Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. .

     Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
     Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .

     Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
     Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

     Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
     Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. .

     Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
     Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .

     Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
     Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

     Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
     Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. .

     Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
     Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .

     Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
     Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

     Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
     Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. .

     Microsoft Office Sessions:
     =========================
     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
     Description: wsearchidxpiwsearchidxpi

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
     Description: Performance

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
     Description: UGTHRSVCUGTHRSVC

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
     Description: Performance

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
     Description: UGathererUGatherer

     Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
     Description: Performance

     Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
     Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.(NULL)(NULL)(NULL)

     Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

     Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

     Error: (03/31/2014 02:36:03 PM) (Source: Application Hang)(User: )
     Description: 1432846009

     ==================== Memory info ===========================

     Percentage of memory in use: 27%
     Total physical RAM: 2046 MB
     Available physical RAM: 1481.77 MB
     Total Pagefile: 4968.77 MB
     Available Pagefile: 4592.5 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1950.11 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:74.52 GB) (Free:34.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3)
     Partition: GPT Partition Type.

     ==================== End Of Log ============================
  6. Dear MrCharlie, My brother accidentally downloaded the SUPERAntiSpyware program on my computer, and now my computer is lagging again, super slow and the mouse is lagging. I am so upset right now. I can't believe it. I think it gave me malware when he downloaded it from the internet!!!!
  7. Hi MrCharlie, I noticed on my registry, I had OUTFoxTv registry. Isn't that supposed to be malware? I also noticed when I am watching educational videos on my computer, they are lagging, especially on YouTube. It wasn't like that before. When I am surfing the internet, it's super fast though... Any clues? Thanks!!
  8. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
     Ran by Owner at 2014-03-30 23:17:04
     Running from C:\Documents and Settings\Owner\My Documents\Downloads
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     ==================== Installed Programs ======================

     Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
     Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
     Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
     Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
     Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
     Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
     B57Inst (Version: 3.40 - Broadcom) Hidden
     BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
     Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
     Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
     Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
     Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT)
     Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
     Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
     Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
     Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
     Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
     Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
     Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
     Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
     Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
     Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
     Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
     Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
     Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
     Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
     Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
     Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
     Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
     Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
     Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
     Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
     Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
     Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
     Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
     Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
     Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
     Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
     PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
     SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
     Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
     Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
     Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
     Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
     Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
     Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
     Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
     USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
     WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
     Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
     Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
     Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
     Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
     Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
     Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
     Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
     Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
     Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
     Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
     WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

     ==================== Restore Points =========================

     14-01-2014 17:49:57 System Checkpoint
     15-01-2014 05:54:45 Software Distribution Service 3.0
     16-01-2014 07:09:59 Software Distribution Service 3.0
     17-01-2014 21:17:33 System Checkpoint
     18-01-2014 22:58:06 System Checkpoint
     20-01-2014 01:13:57 System Checkpoint
     21-01-2014 06:25:08 System Checkpoint
     22-01-2014 06:26:14 System Checkpoint
     24-01-2014 20:28:07 System Checkpoint
     26-01-2014 01:13:14 System Checkpoint
     27-01-2014 01:44:57 System Checkpoint
     28-01-2014 15:21:36 System Checkpoint
     29-01-2014 22:51:49 System Checkpoint
     31-01-2014 01:33:13 System Checkpoint
     01-02-2014 01:42:05 System Checkpoint
     02-02-2014 01:38:00 Removed Bing Bar
     02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
     02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
     03-02-2014 02:40:44 System Checkpoint
     04-02-2014 21:11:53 System Checkpoint
     06-02-2014 03:04:23 System Checkpoint
     06-02-2014 07:03:59 Removed I.R.I.S. OCR
     06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
     06-02-2014 07:11:03 Removed HP Update.
     06-02-2014 07:11:45 Removed Skype™ 6.13
     07-02-2014 08:00:36 Software Distribution Service 3.0
     09-02-2014 05:42:28 System Checkpoint
     10-02-2014 08:50:26 System Checkpoint
     11-02-2014 23:23:49 System Checkpoint
     13-02-2014 02:54:19 System Checkpoint
     13-02-2014 08:01:12 Software Distribution Service 3.0
     15-02-2014 05:33:36 System Checkpoint
     18-02-2014 02:55:11 System Checkpoint
     18-02-2014 05:35:50 Installed Achiever
     19-02-2014 04:37:11 Removed Achiever
     20-02-2014 04:53:35 System Checkpoint
     21-02-2014 20:45:06 System Checkpoint
     22-02-2014 22:21:19 System Checkpoint
     23-02-2014 00:24:32 Installed Java 7 Update 51
     23-02-2014 00:37:04 Pre Install Click 2 Fix restore point
     23-02-2014 01:10:57 Software Distribution Service 3.0
     23-02-2014 06:01:44 Software Distribution Service 3.0
     24-02-2014 03:41:32 Software Distribution Service 3.0
     25-02-2014 04:19:06 System Checkpoint
     26-02-2014 04:54:36 System Checkpoint
     28-02-2014 19:49:33 System Checkpoint
     01-03-2014 23:21:00 System Checkpoint
     03-03-2014 00:02:04 System Checkpoint
     04-03-2014 02:44:31 System Checkpoint
     05-03-2014 03:22:54 System Checkpoint
     05-03-2014 18:48:36 Removed Skype™ 6.14
     06-03-2014 21:14:35 System Checkpoint
     07-03-2014 21:57:53 System Checkpoint
     09-03-2014 01:47:24 System Checkpoint
     10-03-2014 07:02:03 System Checkpoint
     10-03-2014 21:15:08 Software Distribution Service 3.0
     12-03-2014 01:43:49 Software Distribution Service 3.0
     14-03-2014 18:44:02 System Checkpoint
     16-03-2014 21:39:54 System Checkpoint
     17-03-2014 23:51:10 System Checkpoint
     19-03-2014 00:49:57 Software Distribution Service 3.0
     20-03-2014 18:59:19 System Checkpoint
     21-03-2014 19:24:05 System Checkpoint
     22-03-2014 22:07:14 System Checkpoint
     29-03-2014 03:46:25 Installed Camtasia Studio 8
     29-03-2014 06:13:12 Removed Camtasia Studio 8
     29-03-2014 06:38:58 Restore Operation
     29-03-2014 06:51:15 Installed Camtasia Studio 6
     29-03-2014 07:01:10 Software Distribution Service 3.0
     30-03-2014 02:02:19 Software Distribution Service 3.0
     31-03-2014 02:21:48 System Checkpoint

     ==================== Hosts content: ==========================

     2002-09-03 12:34 - 2011-01-12 19:45 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
     127.0.0.1 localhost

     ==================== Scheduled Tasks (whitelisted) =============

     Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
     Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
     Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
     Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

     ==================== Loaded Modules (whitelisted) =============

     2012-04-25 22:21 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
     2002-09-03 12:53 - 2014-02-05 04:55 - 00562688 _____ () C:\WINDOWS\System32\qedit.dll
     2002-09-03 12:44 - 2008-04-14 08:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
     2002-09-03 12:53 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
     2002-09-03 12:30 - 2008-04-14 08:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
     2014-03-18 17:43 - 2014-03-18 17:44 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

     ==================== Alternate Data Streams (whitelisted) =========

     AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

     ==================== Safe Mode (whitelisted) ===================

     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

     ==================== Disabled items from MSCONFIG ==============

     MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
     MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
     MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
     MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
     MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
     MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
     MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
     MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
     MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
     MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
     MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
     MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

     ==================== Faulty Device Manager Devices =============

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service) (User: )
     Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

     Error: (03/30/2014 10:25:48 PM) (Source: Application Hang) (User: )
     Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error: (03/30/2014 10:25:35 PM) (Source: Application Hang) (User: )
     Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     System errors:
     =============
     Error: (03/30/2014 10:47:50 PM) (Source: Service Control Manager) (User: )
     Description: The OutfoxTvService service failed to start due to the following error: %%2

     Error: (03/30/2014 02:36:36 PM) (Source: Service Control Manager) (User: )
     Description: The OutfoxTvService service failed to start due to the following error: %%2

     Error: (03/30/2014 00:29:54 AM) (Source: Service Control Manager) (User: )
     Description: The OutfoxTvService service failed to start due to the following error: %%2

     Error: (03/30/2014 00:28:01 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

     Error: (03/30/2014 00:23:05 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
     Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

     Error: (03/30/2014 00:18:25 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
     Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

     Error: (03/30/2014 00:18:04 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
     Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

     Error: (03/30/2014 00:17:58 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
     Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

     Error: (03/30/2014 00:17:24 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
     Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

     Error: (03/30/2014 00:17:22 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
     Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

     Microsoft Office Sessions:
     =========================
     Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

     Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

     Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

     Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

     Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE

     Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE

     Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK

     Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service)(User: )
     Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI

     Error: (03/30/2014 10:25:48 PM) (Source: Application Hang)(User: )
     Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000

     Error: (03/30/2014 10:25:35 PM) (Source: Application Hang)(User: )
     Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000

     ==================== Memory info ===========================

     Percentage of memory in use: 28%
     Total physical RAM: 2046 MB
     Available physical RAM: 1470.68 MB
     Total Pagefile: 4968.77 MB
     Available Pagefile: 4573.69 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1958.31 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:74.52 GB) (Free:33.68 GB) NTFS ==>[Drive with boot components (Windows XP)]

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3)
     Partition: GPT Partition Type.

     ==================== End Of Log ============================
  9. Hi MrCharlie! Here are the logs! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 30-03-2014 23:12:25 Running from C:\Documents and Settings\Owner\My Documents\Downloads Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] - ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {EEBA3501-49F3-4219-96B6-F8603AF1AD5C} URL = http://www.bing.com/search?q={searchTerms}&r=250 SearchScopes: HKCU - {F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} URL = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&&r=281 BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () 
FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File
FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "sync_promo" : { "show_on_first_run_allowed"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&
CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx []
CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx []

========================== Services (Whitelisted) =================

S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] ()
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-30 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
2014-03-30 22:33 - 2014-03-30 22:33 - 00002253 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03302014_223328.txt
2014-03-30 22:29 - 2014-03-30 22:33 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-03-30 16:36 - 2014-03-30 16:35 - 142051374 _____ () C:\Documents and Settings\Owner\Desktop\Biology Quizzes Workshop.avi
2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
2014-03-30 14:49 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
2014-03-19 00:37 - 2014-03-30 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-18 20:56 - 2014-03-18 20:56 - 00004870 _____ () C:\WINDOWS\KB2934207.log
2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 17:43 - 2014-03-18 17:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-11 21:44 - 2014-03-11 21:46 - 00011599 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-11 21:14 - 2014-03-11 21:44 - 00009105 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 21:12 - 2014-03-11 21:44 - 00010423 _____ () C:\WINDOWS\KB2930275.log
2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk

==================== One Month Modified Files and Folders =======

2014-03-30 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
2014-03-30 22:48 - 2011-10-06 21:12 - 01736801 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-30 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-30 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-03-30 22:47 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-30 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-30 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-30 22:45 - 2014-02-20 23:01 - 00000000 ____D () C:\AdwCleaner
2014-03-30 22:45 - 2011-10-06 17:29 - 00032112 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-30 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-03-30 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job
2014-03-30 22:33 - 2014-03-30 22:33 - 00002253 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03302014_223328.txt
2014-03-30 22:33 - 2014-03-30 22:29 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-03-30 22:23 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-30 20:50 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-30 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job
2014-03-30 16:35 - 2014-03-30 16:36 - 142051374 _____ () C:\Documents and Settings\Owner\Desktop\Biology Quizzes Workshop.avi
2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
2014-03-30 14:57 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
2014-03-30 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job
2014-03-30 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job
2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia
2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt
2014-03-29 14:25 - 2013-08-18 04:24 - 00235912 _____ () C:\WINDOWS\setupapi.log
2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-03-29 02:51 - 2013-08-18 17:29 - 00011910 _____ () C:\WINDOWS\wmsetup.log
2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
2014-03-29 02:21 - 2013-08-28 03:25 - 00254093 _____ () C:\WINDOWS\FaxSetup.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00128021 _____ () C:\WINDOWS\ocgen.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00098284 _____ () C:\WINDOWS\tsoc.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00084046 _____ () C:\WINDOWS\comsetup.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00051278 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00040105 _____ () C:\WINDOWS\iis6.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00014149 _____ () C:\WINDOWS\ocmsn.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00012839 _____ () C:\WINDOWS\msgsocm.log
2014-03-29 02:21 - 2013-08-28 03:25 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg
2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini
2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini
2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini
2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat
2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash
2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml
2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT
2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT
2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini
2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt
2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-19 00:36 - 2012-08-19 22:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-18 20:56 - 2014-03-18 20:56 - 00004870 _____ () C:\WINDOWS\KB2934207.log
2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 20:56 - 2013-08-28 03:25 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 17:44 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters
2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt
2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc
2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt
2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt
2014-03-15 19:01 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini
2014-03-15 19:01 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini
2014-03-15 19:01 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-11 21:46 - 2014-03-11 21:44 - 00011599 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-11 21:45 - 2013-09-13 01:32 - 00019755 _____ () C:\WINDOWS\updspapi.log
2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-11 21:44 - 2014-03-11 21:14 - 00009105 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 21:44 - 2014-03-11 21:12 - 00010423 _____ () C:\WINDOWS\KB2930275.log
2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-10 17:16 - 2014-02-13 04:24 - 00019822 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia
2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk
2014-03-09 19:13 - 2013-08-17 18:26 - 00000420 _____ () C:\WINDOWS\setupact.log
2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt
2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2014-03-04 21:14 - 2014-02-22 21:59 - 00024782 _____ () C:\WINDOWS\KB940157Uninst.log

Files to move or delete:
====================
C:\Documents and Settings\Owner\Application Data\CamLayout.ini
C:\Documents and Settings\Owner\Application Data\CamShapes.ini

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Owner at 2014-03-30 23:13:51
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
B57Inst (Version: 3.40 - Broadcom) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Restore Points =========================

14-01-2014 17:49:57 System Checkpoint
15-01-2014 05:54:45 Software Distribution Service 3.0
16-01-2014 07:09:59 Software Distribution Service 3.0
17-01-2014 21:17:33 System Checkpoint
18-01-2014 22:58:06 System Checkpoint
20-01-2014 01:13:57 System Checkpoint
21-01-2014 06:25:08 System Checkpoint
22-01-2014 06:26:14 System Checkpoint
24-01-2014 20:28:07 System Checkpoint
26-01-2014 01:13:14 System Checkpoint
27-01-2014 01:44:57 System Checkpoint
28-01-2014 15:21:36 System Checkpoint
29-01-2014 22:51:49 System Checkpoint
31-01-2014 01:33:13 System Checkpoint
01-02-2014 01:42:05 System Checkpoint
02-02-2014 01:38:00 Removed Bing Bar
02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
03-02-2014 02:40:44 System Checkpoint
04-02-2014 21:11:53 System Checkpoint
06-02-2014 03:04:23 System Checkpoint
06-02-2014 07:03:59 Removed I.R.I.S. OCR
06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
06-02-2014 07:11:03 Removed HP Update.
06-02-2014 07:11:45 Removed Skype™ 6.13
07-02-2014 08:00:36 Software Distribution Service 3.0
09-02-2014 05:42:28 System Checkpoint
10-02-2014 08:50:26 System Checkpoint
11-02-2014 23:23:49 System Checkpoint
13-02-2014 02:54:19 System Checkpoint
13-02-2014 08:01:12 Software Distribution Service 3.0
15-02-2014 05:33:36 System Checkpoint
18-02-2014 02:55:11 System Checkpoint
18-02-2014 05:35:50 Installed Achiever
19-02-2014 04:37:11 Removed Achiever
20-02-2014 04:53:35 System Checkpoint
21-02-2014 20:45:06 System Checkpoint
22-02-2014 22:21:19 System Checkpoint
23-02-2014 00:24:32 Installed Java 7 Update 51
23-02-2014 00:37:04 Pre Install Click 2 Fix restore point
23-02-2014 01:10:57 Software Distribution Service 3.0
23-02-2014 06:01:44 Software Distribution Service 3.0
24-02-2014 03:41:32 Software Distribution Service 3.0
25-02-2014 04:19:06 System Checkpoint
26-02-2014 04:54:36 System Checkpoint
28-02-2014 19:49:33 System Checkpoint
01-03-2014 23:21:00 System Checkpoint
03-03-2014 00:02:04 System Checkpoint
04-03-2014 02:44:31 System Checkpoint
05-03-2014 03:22:54 System Checkpoint
05-03-2014 18:48:36 Removed Skype™ 6.14
06-03-2014 21:14:35 System Checkpoint
07-03-2014 21:57:53 System Checkpoint
09-03-2014 01:47:24 System Checkpoint
10-03-2014 07:02:03 System Checkpoint
10-03-2014 21:15:08 Software Distribution Service 3.0
12-03-2014 01:43:49 Software Distribution Service 3.0
14-03-2014 18:44:02 System Checkpoint
16-03-2014 21:39:54 System Checkpoint
17-03-2014 23:51:10 System Checkpoint
19-03-2014 00:49:57 Software Distribution Service 3.0
20-03-2014 18:59:19 System Checkpoint
21-03-2014 19:24:05 System Checkpoint
22-03-2014 22:07:14 System Checkpoint
29-03-2014 03:46:25 Installed Camtasia Studio 8
29-03-2014 06:13:12 Removed Camtasia Studio 8
29-03-2014 06:38:58 Restore Operation
29-03-2014 06:51:15 Installed Camtasia Studio 6
29-03-2014 07:01:10 Software Distribution Service 3.0
30-03-2014 02:02:19 Software Distribution Service 3.0
31-03-2014 02:21:48 System Checkpoint

==================== Hosts content: ==========================

2002-09-03 12:34 - 2011-01-12 19:45 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2012-04-25 22:21 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2014-03-18 17:43 - 2014-03-18 17:44 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:25:48 PM) (Source: Application Hang) (User: ) Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/30/2014 10:25:35 PM) (Source: Application Hang) (User: ) Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
System errors: ============= Error: (03/30/2014 10:47:50 PM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 02:36:36 PM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 00:29:54 AM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 00:28:01 AM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (03/30/2014 00:23:05 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:18:25 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (03/30/2014 00:18:04 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:58 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:24 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:22 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) 
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI Error: (03/30/2014 10:25:48 PM) (Source: Application Hang)(User: ) Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000 Error: (03/30/2014 10:25:35 PM) (Source: Application Hang)(User: ) Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 2046 MB Available physical RAM: 1481.41 MB Total Pagefile: 4968.77 MB Available Pagefile: 4578.3 MB Total Virtual: 2047.88 MB Available Virtual: 1950.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:33.68 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3) Partition: GPT Partition Type. ==================== End Of Log ============================
  10. Thank you so much Mr Charlie for helping me! My PC is fast again! All because of your magic. God bless you!!

# AdwCleaner v3.022 - Report created 29/03/2014 at 20:47:17
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - ANAM-RNFR3WMDD7
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\prefs.js ]
[ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ]
[ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1958 octets] - [20/02/2014 23:02:39]
AdwCleaner[R1].txt - [2886 octets] - [29/03/2014 20:43:28]
AdwCleaner[s0].txt - [2047 octets] - [20/02/2014 23:33:43]
AdwCleaner[s1].txt - [2843 octets] - [29/03/2014 20:47:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2903 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ANAM-RNFR3WMDD7 [administrator]

3/29/2014 9:10:20 PM
mbam-log-2014-03-29 (21-10-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263065
Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  11. ROGUEKILLER LOG!

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/29/2014 14:16:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0C001000)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380215A +++++
--- User ---
[MBR] 73f987c631ba42764dce97e57309caf0
[bSP] 33e325a7d9768a4c0f3363561fe8019d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03292014_141658.txt >>
  12. Hi Mr Charlie, Thank you so much for your reply. I have scanned again using Malwarebytes a second time, no threats found. Also, do I run RogueKiller now, or wait for your instructions? Thanks! Here is my DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by Owner at 13:03:20 on 2014-03-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1387 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com uWinlogon: Shell = - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mPolicies-System: EnableUIPI = dword:1 mPolicies-System: DisableCAD = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{B169077C-B8BA-4261-A7F8-0829245ABA8A} : DHCPNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\ FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm FF - prefs.js: browser.startup.homepage - about:home FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll . ============= SERVICES / DRIVERS =============== . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-3-29 40776] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 
2014-03-29 16:36:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2014-03-29 06:53:04 -------- d-----w- c:\windows\system32\QuickTime 2014-03-29 06:51:53 -------- d-----w- c:\program files\common files\TechSmith Shared 2014-03-29 05:43:42 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint 2014-03-29 04:01:11 -------- d-----w- c:\documents and settings\owner\application data\TechSmith 2014-03-21 06:12:04 -------- d-----w- c:\documents and settings\owner\application data\Windows Search 2014-03-18 19:31:10 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe 2014-03-18 19:31:10 13312 ------w- c:\windows\system32\xp_eos.exe . ==================== Find3M ==================== . 2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec 2014-02-23 00:30:29 103832 ----a-w- c:\documents and settings\owner\GoToAssistDownloadHelper.exe 2014-02-18 01:18:08 867608 ----a-w- c:\windows\DellClick2Fix_DownloadManager.exe 2014-02-18 01:17:52 379315 ----a-w- c:\windows\DellClick2Fix_DownloadManager-1.bin 2014-02-18 01:17:52 12700 ----a-w- c:\windows\DellClick2Fix_DownloadManager-0.bin 2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll . ============= FINISH: 13:04:26.10 =============== ATTACH LOG . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/6/2011 5:29:00 PM System Uptime: 3/29/2014 12:30:08 PM (1 hours ago) . Motherboard: Dell Computer Corp. 
| | 0G1548 Processor: Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 75 GiB total, 4.74 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP112: 1/14/2014 12:49:57 PM - System Checkpoint RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0 RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0 RP115: 1/17/2014 4:17:33 PM - System Checkpoint RP116: 1/18/2014 5:58:06 PM - System Checkpoint RP117: 1/19/2014 8:13:57 PM - System Checkpoint RP118: 1/21/2014 1:25:08 AM - System Checkpoint RP119: 1/22/2014 1:26:14 AM - System Checkpoint RP120: 1/24/2014 3:28:07 PM - System Checkpoint RP121: 1/25/2014 8:13:14 PM - System Checkpoint RP122: 1/26/2014 8:44:57 PM - System Checkpoint RP123: 1/28/2014 10:21:36 AM - System Checkpoint RP124: 1/29/2014 5:51:49 PM - System Checkpoint RP125: 1/30/2014 8:33:13 PM - System Checkpoint RP126: 1/31/2014 8:42:05 PM - System Checkpoint RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help RP130: 2/2/2014 9:40:44 PM - System Checkpoint RP131: 2/4/2014 4:11:53 PM - System Checkpoint RP132: 2/5/2014 10:04:23 PM - System Checkpoint RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study RP135: 2/6/2014 2:11:03 AM - Removed HP Update. 
RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13 RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0 RP138: 2/9/2014 12:42:28 AM - System Checkpoint RP139: 2/10/2014 3:50:26 AM - System Checkpoint RP140: 2/11/2014 6:23:49 PM - System Checkpoint RP141: 2/12/2014 9:54:19 PM - System Checkpoint RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0 RP143: 2/15/2014 12:33:36 AM - System Checkpoint RP144: 2/17/2014 9:55:11 PM - System Checkpoint RP145: 2/18/2014 12:35:50 AM - Installed Achiever RP146: 2/18/2014 11:37:11 PM - Removed Achiever RP147: 2/19/2014 11:53:35 PM - System Checkpoint RP148: 2/21/2014 3:45:06 PM - System Checkpoint RP149: 2/22/2014 5:21:19 PM - System Checkpoint RP150: 2/22/2014 7:24:32 PM - Installed Java 7 Update 51 RP151: 2/22/2014 7:37:04 PM - Pre Install Click 2 Fix restore point RP152: 2/22/2014 8:10:57 PM - Software Distribution Service 3.0 RP153: 2/23/2014 1:01:44 AM - Software Distribution Service 3.0 RP154: 2/23/2014 10:41:32 PM - Software Distribution Service 3.0 RP155: 2/24/2014 11:19:06 PM - System Checkpoint RP156: 2/25/2014 11:54:36 PM - System Checkpoint RP157: 2/28/2014 2:49:33 PM - System Checkpoint RP158: 3/1/2014 6:21:00 PM - System Checkpoint RP159: 3/2/2014 7:02:04 PM - System Checkpoint RP160: 3/3/2014 9:44:31 PM - System Checkpoint RP161: 3/4/2014 10:22:54 PM - System Checkpoint RP162: 3/5/2014 1:48:36 PM - Removed Skype™ 6.14 RP163: 3/6/2014 4:14:35 PM - System Checkpoint RP164: 3/7/2014 4:57:53 PM - System Checkpoint RP165: 3/8/2014 8:47:24 PM - System Checkpoint RP166: 3/10/2014 3:02:03 AM - System Checkpoint RP167: 3/10/2014 5:15:08 PM - Software Distribution Service 3.0 RP168: 3/11/2014 9:43:49 PM - Software Distribution Service 3.0 RP169: 3/14/2014 2:44:02 PM - System Checkpoint RP170: 3/16/2014 5:39:54 PM - System Checkpoint RP171: 3/17/2014 7:51:10 PM - System Checkpoint RP172: 3/18/2014 8:49:57 PM - Software Distribution Service 3.0 RP173: 3/20/2014 2:59:19 PM - System Checkpoint RP174: 3/21/2014 
3:24:05 PM - System Checkpoint RP175: 3/22/2014 6:07:14 PM - System Checkpoint RP176: 3/28/2014 11:46:25 PM - Installed Camtasia Studio 8 RP177: 3/29/2014 2:13:12 AM - Removed Camtasia Studio 8 RP178: 3/29/2014 2:38:58 AM - Restore Operation RP179: 3/29/2014 2:51:15 AM - Installed Camtasia Studio 6 RP180: 3/29/2014 3:01:10 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5 Adobe Reader X (10.1.9) B57Inst BCM V.92 56K Modem Broadcom Driver Installer Camtasia Studio 6 Crack the DAT 2013-2014 Crack the DAT 5.0.26 Dell ResourceCD Google Talk Plugin Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Intel® Extreme Graphics Driver Java 7 Update 51 Java Auto Updater Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office 2000 Professional Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service PDF Settings CS5 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET 
Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 
(KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Internet Explorer 8 (KB2925418) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2647516) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2883150) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security 
Update for Windows XP (KB2929961) Security Update for Windows XP (KB2930275) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB975713) SoundMAX Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Windows XP (KB2492386) Update for Windows XP (KB2904266) Update for Windows XP (KB2934207) Update for Windows XP (KB951978) USB2.0 PC Camera (SN9C201&202) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Windows XP Service Pack 3 WinRAR 4.11 (32-bit) . ==== End Of File ===========================
  13. Hi there, I installed Cam Studio and suddenly noticed my computer lagging and not responding when I am surfing the internet, so when I uninstalled it and ran Malwarebytes, it detected 4 registry files of PUP.Optional.InstallCore.A & PUP.Optional.OptimzerPro.A and I clicked remove. Can you help me to see if everything is removed and I don't have any malware/viruses, etc!! Thanks!!!!
  14. Hi MrC, Thank you so so so so soooo much for your help. Seriously meant a lot!! It's a lot faster, but when I open up a page on Firefox, it takes a while for it to load! Otherwise, everything else is great and better than before. God bless you!!!! ))))))))))))
  15. Adware Log

          # AdwCleaner v3.019 - Report created 20/02/2014 at 22:33:43
          # Updated 17/02/2014 by Xplode
          # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
          # Username : Owner - ANAM-RNFR3WMDD7
          # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
          # Option : Clean

          ***** [ Services ] *****

          ***** [ Files / Folders ] *****

          Folder Deleted : C:\Documents and Settings\All Users\Application Data\TechSmith
          Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
          Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\TechSmith
          Folder Deleted : C:\Documents and Settings\Owner\Application Data\TechSmith
          Folder Deleted : C:\Documents and Settings\SHAK\Application Data\AVG SafeGuard toolbar

          ***** [ Shortcuts ] *****

          ***** [ Registry ] *****

          Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
          Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
          Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
          Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

          ***** [ Browsers ] *****

          -\\ Internet Explorer v8.0.6001.18702

          -\\ Mozilla Firefox v27.0.1 (en-US)

          [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\prefs.js ]
          [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ]
          [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ]

          -\\ Google Chrome v

          [ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

          *************************

          AdwCleaner[R0].txt - [1958 octets] - [20/02/2014 22:02:39]
          AdwCleaner[s0].txt - [1907 octets] - [20/02/2014 22:33:43]

          ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1967 octets] ##########

      JRT LOG

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Junkware Removal Tool (JRT) by Thisisu
          Version: 6.1.2 (02.20.2014:1)
          OS: Microsoft Windows XP x86
          Ran by Owner on Thu 02/20/2014 at 22:51:06.10
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          ~~~ Services

          ~~~ Registry Values

          ~~~ Registry Keys

          ~~~ Files

          ~~~ Folders

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on Thu 02/20/2014 at 22:57:14.62
          End of JRT log
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~