
[Inactive] Amazon said there were hackers in my aunt's computer

Discussion in 'Malware and Virus Removal' started by JusticeNY, 2016/04/27.

Thread Status:
Not open for further replies.
  1. 2016/04/27
    JusticeNY

    My aunt was on the phone with Amazon. I believe they did remote access, where they control the computer for you. Then they told her there were hackers in her computer from China? I don't know how they came to that conclusion, but we're hoping you guys could sort that out.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-04-2016
    Ran by sixlove (administrator) on SIXLOVE-PC (26-04-2016 21:46:07)
    Running from C:\Users\sixlove\Desktop
    Loaded Profiles: sixlove (Available Profiles: IUSR_NMPR & sixlove & House)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
    (Mindspark) C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (AOL Inc.) C:\Program Files\Common Files\AOL\1413747133\ee\aolsoftware.exe
    (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (PC Drivers Headquarters) C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    () C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Mindspark) C:\Program Files\TelevisionFanatic\bar\1.bin\AppIntegrator.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [CCUTRAYICON] => C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [FileAgent] => C:\Program Files\FileCenter\Main\FileAgent.exe [5766800 2013-08-16] (Lucion Technologies, LLC)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1413747133\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_31\bin\jusched.exe "
    HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-30] (APN)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe [11608 2015-10-28] (Mindspark)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\Run: [Driver Detective] => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [4678040 2014-01-28] (PC Drivers Headquarters)
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2007-12-14]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-12-13]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * ???,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * ??,autocheck autochk * system.
    GroupPolicyUsers\S-1-5-21-3249766445-722992797-2274620919-1002\User: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3249766445-722992797-2274620919-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6CC151F6-C8D3-4E5A-BB05-1495966C18CE}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DC925712-341B-4237-869B-2D59EA9F3FDF}: [DhcpNameServer] 172.20.10.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=781C24A8&p2=^XP^xdm044^S14600^us&ptb=7EA1712E-C8A2-4691-B663-B015F2B59BD2&si=CLquy7zh9MgCFVQYHwodzXEIyQ
    URLSearchHook: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    URLSearchHook: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
    SearchScopes: HKLM -> {901E8648-A01B-460A-A29E-9D7C40438BAF} URL = hxxp://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
    SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm044^S14600^us&si=CLquy7zh9MgCFVQYHwodzXEIyQ&ptb=7EA1712E-C8A2-4691-B663-B015F2B59BD2&psa=&ind=2015110312&st=sb&n=781c24a8&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> DefaultScope {31B823BE-0FD2-40ED-84E0-CA5B603D159B} URL = hxxp://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
    SearchScopes: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> {31B823BE-0FD2-40ED-84E0-CA5B603D159B} URL = hxxp://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
    SearchScopes: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> {5A59A166-E37B-4912-A6E8-5CF0D580FB6F} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=52BFE773-85F4-44F1-9E7B-7EE4269D5815&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_9.0.8112.16609&doi=2015-03-02&trgb=IE&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm044^S14600^us&si=CLquy7zh9MgCFVQYHwodzXEIyQ&ptb=7EA1712E-C8A2-4691-B663-B015F2B59BD2&psa=&ind=2015110312&st=sb&n=781c24a8&searchfor={searchTerms}
    BHO: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll [2015-10-28] (Mindspark)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
    BHO: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll [2015-10-28] (Mindspark)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
    Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll [2015-10-28] (Mindspark)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
    Toolbar: HKU\S-1-5-21-3249766445-722992797-2274620919-1001 -> TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll [2015-10-28] (Mindspark)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\sixlove\AppData\Roaming\Mozilla\Firefox\Profiles\td5n09eh.default
    FF DefaultSearchEngine: AOL Search
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.2:
    FF SelectedSearchEngine: AOL Search
    FF Homepage: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000093
    FF Keyword.URL: hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
    FF NetworkProxy: "no_proxies_on ", "*.local "
    FF NetworkProxy: "type ", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\sixlove\AppData\Roaming\Mozilla\Firefox\Profiles\td5n09eh.default\searchplugins\aolsearch.xml [2014-09-16]
    FF Extension: ArcadeParlor - C:\Users\sixlove\AppData\Roaming\Mozilla\Firefox\Profiles\td5n09eh.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-02-02] [not signed]
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-12] [not signed]
    FF Extension: ArcadeParlor - C:\Users\sixlove\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-02-02] [not signed]
    FF Extension: WordExtra - C:\Users\sixlove\AppData\Roaming\Mozilla\Firefox\Profiles\td5n09eh.default\Extensions\korey@markus.me [2014-02-23] [not signed]
    FF Extension: WordExtra - C:\Program Files\Mozilla Firefox\browser\extensions\korey@markus.me [2015-10-30] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 4.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\sixlove\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Web Store Payments) - C:\Users\sixlove\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
    S4 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
    S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
    R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
    S4 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
    S4 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] () [File not signed]
    S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-14] (Macrovision Europe Ltd.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S4 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
    S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
    S4 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
    S4 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
    R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
    S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
    R2 TelevisionFanaticService; C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe [89432 2015-10-28] (Mindspark)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S4 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Conexant Systems, Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-08-02] (EldoS Corporation)
    R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-12-14] (Intel Corporation)
    R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
    S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Advanced Micro Devices, Inc.)
    S3 Ser2rs; C:\Windows\System32\DRIVERS\ser2rs.sys [76288 2007-06-25] (Prolific Technology Inc.)
    R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2016-04-26] (SlimWare Utilities, Inc.)
    S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
    R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55232 2014-03-22] (StdLib)
    R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-26 21:46 - 2016-04-26 21:46 - 00021618 _____ C:\Users\sixlove\Desktop\FRST.txt
    2016-04-26 21:44 - 2016-04-26 21:46 - 00000000 ____D C:\FRST
    2016-04-26 21:44 - 2016-04-25 15:57 - 01726976 _____ (Farbar) C:\Users\sixlove\Desktop\FRST.exe
    2016-04-23 12:19 - 2016-04-23 12:19 - 01835048 _____ (LogMeIn, Inc.) C:\Users\sixlove\Downloads\Support-LogMeInRescue (4).exe
    2016-04-23 12:18 - 2016-04-23 12:18 - 01835048 _____ (LogMeIn, Inc.) C:\Users\sixlove\Downloads\Support-LogMeInRescue (3).exe
    2016-04-23 12:17 - 2016-04-23 12:17 - 01835048 _____ (LogMeIn, Inc.) C:\Users\sixlove\Downloads\Support-LogMeInRescue.exe
    2016-04-23 12:17 - 2016-04-23 12:17 - 01835048 _____ (LogMeIn, Inc.) C:\Users\sixlove\Downloads\Support-LogMeInRescue (2).exe
    2016-04-23 12:17 - 2016-04-23 12:17 - 01835048 _____ (LogMeIn, Inc.) C:\Users\sixlove\Downloads\Support-LogMeInRescue (1).exe
    2016-04-13 03:11 - 2016-03-18 13:10 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-04-13 03:11 - 2016-03-18 13:10 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-04-13 03:11 - 2016-03-18 13:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-04-13 03:11 - 2016-03-18 13:10 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-04-13 03:11 - 2016-03-18 13:09 - 01259520 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-04-13 03:11 - 2016-03-04 12:52 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-04-13 03:10 - 2016-03-18 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-04-13 03:02 - 2016-03-21 18:57 - 01208568 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-04-13 03:02 - 2016-03-18 13:10 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-04-13 03:02 - 2016-03-18 13:09 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-04-13 03:01 - 2016-03-29 16:30 - 02070016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-04-13 03:01 - 2016-03-17 13:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
    2016-04-13 03:01 - 2016-03-17 13:45 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-04-12 15:30 - 2016-03-24 16:40 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-04-12 15:30 - 2016-03-24 16:38 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-04-12 15:30 - 2016-03-24 16:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-04-12 15:30 - 2016-03-24 16:35 - 09753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-04-12 15:30 - 2016-03-24 16:35 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-04-12 15:30 - 2016-03-24 16:34 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-04-12 15:30 - 2016-03-24 16:33 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-04-12 15:30 - 2016-03-24 16:33 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-04-12 15:30 - 2016-03-24 16:33 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-04-12 15:30 - 2016-03-24 16:33 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-04-12 15:30 - 2016-03-24 16:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2016-04-12 15:30 - 2016-03-24 16:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-04-12 15:30 - 2016-03-24 16:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-04-12 15:30 - 2016-03-24 16:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2016-04-12 15:30 - 2016-03-24 16:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2016-04-12 15:30 - 2016-03-24 16:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-26 21:45 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
    2016-04-26 21:45 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-26 21:42 - 2015-11-12 12:13 - 00013368 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
    2016-04-26 21:42 - 2015-11-12 12:13 - 00000398 _____ C:\Windows\Tasks\DriverUpdate Startup.job
    2016-04-26 21:42 - 2014-09-22 22:50 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfd6d931ad4500.job
    2016-04-26 21:42 - 2014-04-19 18:15 - 00000000 ____D C:\Users\sixlove\AppData\Local\CrashDumps
    2016-04-26 21:42 - 2013-09-09 18:58 - 00000000 ____D C:\ProgramData\FileCenter
    2016-04-26 21:37 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-26 21:37 - 2006-11-02 08:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-26 21:37 - 2006-11-02 08:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-24 16:35 - 2007-12-14 08:30 - 00000012 _____ C:\Windows\bthservsdp.dat
    2016-04-24 16:35 - 2006-11-02 09:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-04-23 12:52 - 2014-09-22 22:51 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfd6d9356718b0.job
    2016-04-23 12:19 - 2014-02-22 20:28 - 00000000 ____D C:\Users\sixlove\AppData\Local\LogMeIn Rescue Applet
    2016-04-23 12:03 - 2012-05-04 18:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-04-22 18:00 - 2009-10-29 21:27 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration.job
    2016-04-21 11:12 - 2015-11-12 12:12 - 00000448 _____ C:\Windows\Tasks\DriverUpdate Scan.job
    2016-04-20 00:20 - 2009-10-29 21:27 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
    2016-04-15 22:07 - 2015-12-13 20:21 - 00002555 _____ C:\Users\sixlove\Desktop\Microsoft Word.lnk
    2016-04-13 03:45 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
    2016-04-13 03:29 - 2006-11-02 08:47 - 00332944 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-13 03:10 - 2013-08-16 20:38 - 00000000 ____D C:\Windows\system32\MRT
    2016-04-13 03:03 - 2006-11-02 06:24 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2016-04-13 03:00 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
    2016-04-11 18:54 - 2012-08-06 22:58 - 00001901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-11 18:54 - 2012-08-06 22:58 - 00001889 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-07 17:04 - 2012-05-04 18:50 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-04-07 17:04 - 2011-08-20 13:27 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2009-02-05 18:53 - 2009-02-05 18:53 - 0024064 _____ () C:\Users\sixlove\AppData\Roaming\UserTile.png
    2007-12-21 23:40 - 2007-12-21 23:40 - 0000000 _____ () C:\Users\sixlove\AppData\Roaming\wklnhst.dat
    2009-08-09 20:51 - 2009-08-09 20:57 - 0002950 _____ () C:\Users\sixlove\AppData\Local\.ipc_copyrecord
    2009-02-21 23:52 - 2009-02-21 23:52 - 0000048 _____ () C:\Users\sixlove\AppData\Local\84756-11986-27475-00TC1-94865
    2012-05-13 14:26 - 2013-10-07 02:58 - 0000680 _____ () C:\Users\sixlove\AppData\Local\d3d9caps.dat
    2007-12-20 00:49 - 2014-02-17 21:27 - 0044544 _____ () C:\Users\sixlove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-08-09 20:49 - 2009-08-09 20:49 - 0001232 _____ () C:\Users\sixlove\AppData\Local\iTunesPrefs
    2008-05-26 17:23 - 2014-04-16 15:17 - 0026396 _____ () C:\ProgramData\hpzinstall.log

    Some files in TEMP:
    ====================
    C:\Users\sixlove\AppData\Local\temp\AcsInstall.dll
    C:\Users\sixlove\AppData\Local\temp\APNSetup.exe
    C:\Users\sixlove\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\sixlove\AppData\Local\temp\jre-8u31-windows-au.exe
    C:\Users\sixlove\AppData\Local\temp\SHFOLDER.DLL
    C:\Users\sixlove\AppData\Local\temp\tu17p84.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-26 21:48

    ==================== End of FRST.txt ============================
     
  2. 2016/04/27
    JusticeNY

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-04-2016
    Ran by sixlove (2016-04-26 21:46:38)
    Running from C:\Users\sixlove\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-14 12:21:47)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3249766445-722992797-2274620919-500 - Administrator - Disabled)
    Guest (S-1-5-21-3249766445-722992797-2274620919-501 - Limited - Disabled)
    House (S-1-5-21-3249766445-722992797-2274620919-1002 - Limited - Enabled) => C:\Users\House
    IUSR_NMPR (S-1-5-21-3249766445-722992797-2274620919-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
    sixlove (S-1-5-21-3249766445-722992797-2274620919-1001 - Administrator - Enabled) => C:\Users\sixlove

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
    Adobe Premiere Elements 4.0 (HKLM\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 4.0 Templates (HKLM\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Soundbooth CS3 (HKLM\...\Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2) (Version: 1 - Adobe Systems Incorporated)
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Toolbar (HKLM\...\{5043442D-472D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.3289 - APN, LLC) <==== ATTENTION
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
    Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
    Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell System Detect (HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Driver Detective (HKLM\...\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}) (Version: 8.1 - PC Drivers HeadQuarters)
    DriverUpdate (HKLM\...\{E6617834-9398-4F95-9C05-2D87B192E1DF}) (Version: 2.4.3 - SlimWare Utilities, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FileCenter 8.0.0.23 (HKLM\...\{8BC914BF-F80D-47D9-BD1E-809EB6A7C23C}_is1) (Version: 8.0.0.23 - Lucion Technologies, LLC)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
    HiDef Media Player 1.1.12 (HKLM\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
    Intel(R) PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version: - Dell)
    Intel(R) Viiv(TM) Software (HKLM\...\Intel(R) Configuration Center) (Version: 1.7.512.0 - Intel Corporation)
    iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    magicJack (HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
    PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.201.0 - Tracker Software Products Ltd)
    PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.201.0 - Tracker Software Products Ltd)
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
    Roxio Creator Premier (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
    Roxio EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.5.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2 - Roxio)
    Roxio MyDVD Premier (HKLM\...\{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}) (Version: 9.1.573 - Roxio)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Search module (HKLM\...\Search module) (Version: - Search Module) <==== ATTENTION
    ShopAtHome.com Helper (HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\ShopAtHome.com Helper) (Version: 7.10.2.6 - ShopAtHome.com) <==== ATTENTION
    ShopAtHome.com Toolbar (HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\ShopAtHome.com Toolbar) (Version: 7.10.2.6 - ShopAtHome.com) <==== ATTENTION
    Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
    Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
    Sprint Desktop Sync (HKLM\...\{F818A41D-3535-4949-83BB-E41121697A97}) (Version: 2.00.0000 - Core Mobility, Inc.)
    TelevisionFanatic Internet Explorer Toolbar (HKLM\...\TelevisionFanaticbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
    TouchCopy 09 (HKLM\...\{8F3BE4DF-76F3-443A-A305-A14FC648010C}) (Version: 9.99 - Wide Angle Software)
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
    WinZip 11.1 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
    Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
    WordExtra (HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\WordExtra) (Version: 1 - hxxp://www.wordextra.com)
    XPS MiniView Gadget (HKLM\...\{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}) (Version: 1.00.0000 - CompanionLink Software, Inc.)
    Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\T30_MC\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}\InprocServer32 -> C:\Users\sixlove\AppData\Local\MICROS~1\INTERN~1\DOWNLO~1\iCloud.ocx => No File
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}\InprocServer32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    CustomCLSID: HKU\S-1-5-21-3249766445-722992797-2274620919-1001_Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}\localserver32 -> C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2173779B-45B7-45D3-ADEE-AD29EDB3D736} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-01-28] (PC Drivers Headquarters)
    Task: {3C0F8DB4-D59E-4246-98F0-15B08288EF39} - System32\Tasks\{E0FB1225-99DF-4A7E-91CC-1902632554AA} => pcalua.exe -a E:\SETUP.EXE -d E:\
    Task: {3C6FABCD-6B93-4959-B2B6-EDA250932275} - System32\Tasks\{0EB340C3-3EAC-4FA2-8967-1596DEB98B3A} => pcalua.exe -a "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -d "C:\Program Files\HP\Digital Imaging\bin" -c -inst "#Hewlett-Packard#HP Photosmart 2600 series#1212094606" -d "HP Photosmart 2600 series" -testfax "yes "
    Task: {3E9ACA2B-90A4-4E43-9FF9-55BEDB9008D8} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe [2015-09-08] (SlimWare Utilities, Inc.)
    Task: {4D8B06DE-F363-4D53-B6A9-FE47962E662C} - System32\Tasks\{3C1801AC-C822-4A70-A718-80CFD89776B9} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {51558F0E-867A-4609-8241-14C339588951} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
    Task: {5AD023DA-34D1-4582-9D79-4578B5ACE11A} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
    Task: {69A8FE97-6BED-459A-BDA1-BEE80A0C94B8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
    Task: {6EB6B50F-7D18-4A2A-886E-7AB792121068} - System32\Tasks\GoogleUpdateTaskMachineCore1cfd6d931ad4500 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {731538D7-12E8-4B23-A436-0578DCB6DB06} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-01-28] (PC Drivers Headquarters)
    Task: {7608AD8B-203F-453E-9151-00AC1471D928} - System32\Tasks\DriverUpdate Startup => C:\Program Files\DriverUpdate\DriverUpdate.exe [2015-09-08] (SlimWare Utilities, Inc.)
    Task: {7901FEFB-5C46-45E1-99CB-B08A25C273CC} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
    Task: {84B062A3-2827-4DEE-B99C-ECEC70625461} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B0EDC4BB-6CD2-4A03-BEE7-2C125CC047E3} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {B4F974E4-6DD0-4EC3-8918-054F185A9B07} - System32\Tasks\GoogleUpdateTaskMachineUA1cfd6d9356718b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {BA182B48-0DA3-474E-8CDC-58D6B4510B75} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
    Task: {CCC67470-33E3-4ED4-9A90-7729829075C3} - System32\Tasks\{3301C434-394E-45C5-9BC8-11746E72A002} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {DAC25BFE-D0EE-4D10-A0F0-C1BC6D0863E8} - System32\Tasks\Driver Detective-RTMScanRunOnce => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-01-28] (PC Drivers Headquarters)
    Task: {FD0DBA32-5B2A-4D47-980C-05C063056151} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-01-28] (PC Drivers Headquarters)
    Task: {FE07F371-56C6-4D3F-9B99-AEA3E8A3C576} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
    Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfd6d931ad4500.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfd6d9356718b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
    Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\sixlove\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
    ShortcutWithArgument: C:\Users\sixlove\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
    ShortcutWithArgument: C:\Users\sixlove\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www-search.net/?pid=s&pi=2
    ShortcutWithArgument: C:\Users\sixlove\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2

    ==================== Loaded Modules (Whitelisted) ==============

    2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-11-10 03:11 - 2011-11-10 03:11 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2016-02-10 04:28 - 2016-02-10 04:28 - 00119296 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\a521b739d8cb9a8ff090d90319ee74bf\XPBurnComponent.ni.dll
    2014-01-28 16:25 - 2014-01-28 16:25 - 00823168 _____ () C:\Program Files\PC Drivers HeadQuarters\Driver Detective\ThemePack.Default.dll
    2014-01-28 16:25 - 2014-01-28 16:25 - 00428448 _____ () C:\Program Files\PC Drivers HeadQuarters\Driver Detective\Agent.Communication.XmlSerializers.dll
    2007-08-23 16:58 - 2007-08-23 16:58 - 02070000 _____ () C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_26b2270b-3700-4837-aad7-08c67032fc5b => " "= "Service "

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3249766445-722992797-2274620919-1001\...\dell.com -> dell.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 06:23 - 2014-04-19 19:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3249766445-722992797-2274620919-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: APNMCP => 2
    MSCONFIG\Services: FLEXnet Licensing Service => 3
    MSCONFIG\Services: STacSV => 2
    MSCONFIG\startupfolder: C:^Users^sixlove^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sprint media monitor.lnk => C:\Windows\pss\Sprint media monitor.lnk.Startup
    MSCONFIG\startupreg: cdloader => "C:\Users\sixlove\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    MSCONFIG\startupreg: Driver Detective => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
    MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
    MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\sixlove\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: SigmatelSysTrayApp => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{24E07C88-1FE0-4AD8-8D9C-49FD9CDD032C}] => (Allow) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
    FirewallRules: [{41AFDD03-4BD8-4B6F-AF7A-78C1AE97A699}] => (Allow) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
    FirewallRules: [{310710D4-3185-4B5C-AC06-01B6210B44E5}] => (Allow) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    FirewallRules: [{1F552DBD-598F-4204-885D-180B5A3E9786}] => (Allow) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    FirewallRules: [{91F757BA-309C-4CBF-84AB-ECA49C65D9C5}] => (Allow) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    FirewallRules: [{9AD5E102-C65B-4CDB-B00A-DECD8379F614}] => (Allow) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    FirewallRules: [{B249DE5D-1B7A-4F82-994E-3746C8E6EB6D}] => (Allow) LPort=9442
    FirewallRules: [{F35D4BF5-0C0E-47F2-90C4-EE4C1FAD3C0C}] => (Allow) LPort=1900
    FirewallRules: [{FDD55FE3-7A37-4D2D-8176-171259BFF538}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{EAD8BC82-DD43-485D-9987-DEA0C609C683}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{8A78A203-AB19-4601-BD70-0B8C77FF2531}] => (Allow) C:\Users\sixlove\AppData\Local\Temp\7zS4010.tmp\setup\HPZnui01.exe
    FirewallRules: [{6F96998A-ECB5-4208-B58E-BD392DFE9D12}] => (Allow) C:\Users\sixlove\AppData\Local\Temp\7zS4010.tmp\setup\HPZnui01.exe
    FirewallRules: [{FAA1BA8A-7F39-45ED-A637-93E7916AEAE0}] => (Allow) C:\Users\sixlove\AppData\Local\Temp\7zSB4F2.tmp\setup\HPZnui01.exe
    FirewallRules: [{72302808-BCFB-4EA5-B25E-E22041625815}] => (Allow) C:\Users\sixlove\AppData\Local\Temp\7zSB4F2.tmp\setup\HPZnui01.exe
    FirewallRules: [{F06DCFB6-A927-4052-994C-55D5861E3F34}] => (Allow) LPort=80
    FirewallRules: [{D2EAD6F7-72E5-4B28-B7C0-9A4A72E4EFA8}] => (Allow) LPort=80
    FirewallRules: [{C2E0C213-9C05-43FB-BE0A-53BDE90B4A28}] => (Allow) LPort=80
    FirewallRules: [{1E9C3342-0932-41B4-A546-A9454D08CC87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{370649EC-28C8-4A24-B518-467EA06668B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0A5C2EC-DC82-4CF8-977D-69B434961388}] => (Allow) C:\Users\sixlove\Desktop\NOI.exe
    FirewallRules: [{B7357DB8-4502-4EA9-97F8-347129549142}] => (Allow) C:\Users\sixlove\Desktop\NOI.exe
    FirewallRules: [TCP Query User{C5EDDD49-A1BE-42C2-B731-BE16F33A5803}C:\users\sixlove\appdata\local\xenocode\sandbox\n.o.i\1.3.0.0\2011.04.19t17.15\virtual\stubexe\8.0.1112\@desktop@\noi.exe] => (Allow) C:\users\sixlove\appdata\local\xenocode\sandbox\n.o.i\1.3.0.0\2011.04.19t17.15\virtual\stubexe\8.0.1112\@desktop@\noi.exe
    FirewallRules: [UDP Query User{28B145DF-D6C9-4F4E-854A-8CFBCFA5D84B}C:\users\sixlove\appdata\local\xenocode\sandbox\n.o.i\1.3.0.0\2011.04.19t17.15\virtual\stubexe\8.0.1112\@desktop@\noi.exe] => (Allow) C:\users\sixlove\appdata\local\xenocode\sandbox\n.o.i\1.3.0.0\2011.04.19t17.15\virtual\stubexe\8.0.1112\@desktop@\noi.exe
    FirewallRules: [TCP Query User{B5BB450C-BD91-491E-BE8A-756696F5DF06}C:\users\sixlove\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\sixlove\appdata\roaming\mjusbsp\magicjack.exe
    FirewallRules: [UDP Query User{AA3BA73B-A695-40D7-8D42-EFCA45AA4099}C:\users\sixlove\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\sixlove\appdata\roaming\mjusbsp\magicjack.exe
    FirewallRules: [{049E5C54-3AC0-4FC3-AC66-2F28374F4EDC}] => (Allow) C:\Program Files\iolo\System Mechanic Professional\SysMech.exe
    FirewallRules: [{5092CAA6-77E1-473E-B143-201E4587445D}] => (Allow) C:\Program Files\iolo\System Mechanic Professional\SysMech.exe
    FirewallRules: [{2B194D6C-3B9C-419F-90C9-579D2F1F6281}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D02EBA9E-0F79-4868-9A9C-37F476E03599}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{6D596F79-BA79-4594-9227-4DCEE2A7280E}C:\users\house\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\house\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{5370C081-FEC0-49A5-9F0B-E34A87E9B820}C:\users\house\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\house\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [{C0B46CCD-C51D-4DBE-AED5-052405F49F07}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{0289554A-83AB-4E3F-97E6-B19A87BA5290}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{A59473C7-903F-451D-B9F6-B7A0F94D83F2}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{BC7FEA3F-1763-4019-8C3C-6CE024EDD7EF}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{46B47C58-D80E-4D7A-A62B-2A08E341CDEB}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{CE7A8C2E-2A5A-4D11-B57A-1F23242AAEEA}] => (Allow) C:\Program Files\Common Files\AOL\1413747133\ee\aolsoftware.exe
    FirewallRules: [{330F4F61-6162-4A86-B77C-B01B3A125FB7}] => (Allow) C:\Program Files\Common Files\AOL\1413747133\ee\aolsoftware.exe
    FirewallRules: [{20F8CDC4-4900-4DA3-A7CB-65772AAAD891}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
    FirewallRules: [{EB4815FA-02F1-4D47-BD93-4B7B998D7E60}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
    FirewallRules: [{976994FB-03ED-4926-B08C-B039B159C010}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{277D28D7-4875-4315-94BE-4BDA269C7BD4}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{4BFC07C9-BC2D-471A-AF89-52E33DCA1E56}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{E19B7698-0046-48D0-9F8F-1F4731378AED}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{28B90287-A75D-4210-8A68-ECDAE51BDF68}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{567D0C58-A6FB-4E8B-8F5F-13336BF4EC37}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{D8CA5DA7-BB11-4E94-B4DF-3B6908DF10B5}] => (Allow) C:\Program Files\AOL Desktop 9.7\aolbrowser.exe
    FirewallRules: [{FEBC1544-E59B-4C89-947D-07AE6F39A10A}] => (Allow) C:\Program Files\AOL Desktop 9.7\aolbrowser.exe
    FirewallRules: [TCP Query User{6D312A6D-AF6E-4672-A96E-FF86D7E1916E}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
    FirewallRules: [UDP Query User{71995D42-EF64-464C-83DC-1484A811545F}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
    FirewallRules: [TCP Query User{81A44424-0AEF-4791-900D-5A694A0B3C7B}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
    FirewallRules: [UDP Query User{45DC5187-EB3A-4FEC-9C3B-71C81FD65D34}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
    FirewallRules: [{A76BC259-44AC-40B6-AD3B-511B84CF7538}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{162773E6-7479-4267-9567-8C9CB6307316}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{723BC2BD-F9DD-4212-A423-6128330B961F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{DD7DC078-028D-492B-B0C5-43DCC6762C26}] => (Allow) C:\Users\sixlove\AppData\Local\temp\7zS4599\HPDiagnosticCoreUI.exe
    FirewallRules: [{93E106E9-044E-42EC-84DD-24215F12E8B6}] => (Allow) C:\Users\sixlove\AppData\Local\temp\7zS4599\HPDiagnosticCoreUI.exe
    FirewallRules: [{EAA877FA-875C-4EC5-ABA9-B2BEA9B6FE89}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    23-03-2016 17:33:26 Scheduled Checkpoint
    24-03-2016 11:34:13 Windows Update
    25-03-2016 00:00:03 Scheduled Checkpoint
    26-03-2016 00:00:01 Scheduled Checkpoint
    27-03-2016 00:00:01 Scheduled Checkpoint
    28-03-2016 00:00:00 Scheduled Checkpoint
    29-03-2016 00:00:00 Scheduled Checkpoint
    30-03-2016 00:00:04 Scheduled Checkpoint
    31-03-2016 00:00:00 Scheduled Checkpoint
    01-04-2016 00:00:01 Scheduled Checkpoint
    02-04-2016 00:00:01 Scheduled Checkpoint
    03-04-2016 00:00:01 Scheduled Checkpoint
    04-04-2016 00:00:01 Scheduled Checkpoint
    05-04-2016 00:00:01 Scheduled Checkpoint
    06-04-2016 00:00:04 Scheduled Checkpoint
    07-04-2016 00:00:01 Scheduled Checkpoint
    08-04-2016 00:00:03 Scheduled Checkpoint
    09-04-2016 00:00:03 Scheduled Checkpoint
    10-04-2016 23:13:08 Scheduled Checkpoint
    12-04-2016 00:00:01 Scheduled Checkpoint
    13-04-2016 00:00:01 Scheduled Checkpoint
    13-04-2016 03:00:12 Windows Update
    14-04-2016 00:00:00 Scheduled Checkpoint
    15-04-2016 00:00:00 Scheduled Checkpoint
    16-04-2016 00:00:01 Scheduled Checkpoint
    17-04-2016 00:00:01 Scheduled Checkpoint
    18-04-2016 00:00:01 Scheduled Checkpoint
    19-04-2016 00:00:01 Scheduled Checkpoint
    20-04-2016 15:02:26 Scheduled Checkpoint
    22-04-2016 00:00:01 Scheduled Checkpoint
    23-04-2016 00:00:01 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/26/2016 09:47:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module SysMenu.dll, version 1.0.0.5, time stamp 0x52b449c7, exception code 0xc0000005, fault offset 0x0006ce5c,
    process id 0x938, application start time 0xrundll32.exe0.

    Error: (04/26/2016 09:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application CCU_Engine.exe, version 1.7.548.0, time stamp 0x46803fc5, faulting module CCU_Engine.exe, version 1.7.548.0, time stamp 0x46803fc5, exception code 0xc0000005, fault offset 0x00013190,
    process id 0xe94, application start time 0xCCU_Engine.exe0.

    Error: (04/23/2016 12:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iTunes.exe, version 12.1.2.27, time stamp 0x55236809, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x05800000,
    process id 0x13d0, application start time 0xiTunes.exe0.

    Error: (04/22/2016 12:36:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(5c:59:48:76:35:6b@fe80::5e59:48ff:fe76:356b._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (04/22/2016 03:52:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module SysMenu.dll, version 1.0.0.5, time stamp 0x52b449c7, exception code 0xc0000005, fault offset 0x0006ce5c,
    process id 0x1468, application start time 0xrundll32.exe0.

    Error: (04/21/2016 06:35:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iTunes.exe, version 12.1.2.27, time stamp 0x55236809, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00ffffff,
    process id 0xe88, application start time 0xiTunes.exe0.

    Error: (04/21/2016 03:52:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module SysMenu.dll, version 1.0.0.5, time stamp 0x52b449c7, exception code 0xc0000005, fault offset 0x0006ce5c,
    process id 0xe14, application start time 0xrundll32.exe0.

    Error: (04/20/2016 01:03:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iTunes.exe, version 12.1.2.27, time stamp 0x55236809, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000010,
    process id 0x4fc, application start time 0xiTunes.exe0.

    Error: (04/20/2016 12:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application CCU_Engine.exe, version 1.7.548.0, time stamp 0x46803fc5, faulting module CCU_Engine.exe, version 1.7.548.0, time stamp 0x46803fc5, exception code 0xc0000005, fault offset 0x00013190,
    process id 0xdb0, application start time 0xCCU_Engine.exe0.

    Error: (04/20/2016 12:33:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iTunes.exe, version 12.1.2.27, time stamp 0x55236809, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x9fb96f1e,
    process id 0x13a4, application start time 0xiTunes.exe0.


    System errors:
    =============
    Error: (04/26/2016 09:39:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Intel(R) Viiv(TM) Media ServerIntel(R) Software Services Manager%%1058

    Error: (04/24/2016 04:32:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Intel(R) Viiv(TM) Media ServerIntel(R) Software Services Manager%%1058

    Error: (04/24/2016 04:31:04 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:00:46 PM on 4/23/2016 was unexpected.

    Error: (04/20/2016 12:52:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Intel(R) Viiv(TM) Media ServerIntel(R) Software Services Manager%%1058

    Error: (04/20/2016 12:49:18 PM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (04/19/2016 04:50:23 PM) (Source: DCOM) (EventID: 10016) (User: sixlove-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}sixlove-PCsixloveS-1-5-21-3249766445-722992797-2274620919-1001LocalHost (Using LRPC)

    Error: (04/19/2016 04:50:23 PM) (Source: DCOM) (EventID: 10016) (User: sixlove-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}sixlove-PCsixloveS-1-5-21-3249766445-722992797-2274620919-1001LocalHost (Using LRPC)

    Error: (04/19/2016 04:49:45 PM) (Source: DCOM) (EventID: 10016) (User: sixlove-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}sixlove-PCsixloveS-1-5-21-3249766445-722992797-2274620919-1001LocalHost (Using LRPC)

    Error: (04/13/2016 03:30:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Intel(R) Viiv(TM) Media ServerIntel(R) Software Services Manager%%1058

    Error: (04/10/2016 10:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Intel(R) Viiv(TM) Media ServerIntel(R) Software Services Manager%%1058


    CodeIntegrity:
    ===================================
    Date: 2015-11-24 13:06:05.673
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:05.318
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:05.012
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:04.715
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:02.896
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:02.541
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:02.238
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-24 13:06:01.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-16 11:43:52.711
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-16 11:43:52.425
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
    Percentage of memory in use: 35%
    Total physical RAM: 3325.03 MB
    Available physical RAM: 2137.41 MB
    Total Virtual: 6843.05 MB
    Available Virtual: 5856.05 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:283.04 GB) (Free:144.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.3 GB) NTFS
    Drive g: (USB) (Removable) (Total:1.96 GB) (Free:1.2 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 30000000)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
    No partition Table on disk 1.
    Disk 1 is a removable device.

    ==================== End of Addition.txt ============================
     


  4. 2016/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    I don't see any AV program running.
    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.

    Uninstall the following unwanted programs:

    Ask Toolbar
    Search module
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar
    TelevisionFanatic Internet Explorer Toolbar


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     