Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot state Security Center Service in Windows 7


  • This topic is locked This topic is locked
9 replies to this topic

#1 spielman

spielman

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 06 August 2014 - 03:40 AM

Had the FBI virus and used Hitman Pro to eliminate it.  However, I now my Windows Security Center will not open.    I've ran malwarebytes and that did not fix.  Here is log from FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Mike at 2014-08-06 04:28:06
Running from C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WDPZWLF
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.11 - DELL)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fidelity Active Trader Pro® (HKLM-x32\...\{67247719-8EEC-4937-A01D-23347C24FF0F}) (Version: 9.8.84.0 - Fidelity Investments)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InsiderBaseball 2014 (HKLM-x32\...\{DB78D78B-B73A-4067-8FC4-15103FE31D0A}) (Version: 15.4.1 - Fantistics)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 18.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 18.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myfantasyleague.com Game Day 2013 (HKLM-x32\...\mflGameDay_is1) (Version: 1.0 - Sideline Software, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6638 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.86 - Realtek Semiconductor Corp.)
REGSERVO (HKLM\...\REGSERVO) (Version: 1.0.9.3 - Tuneup System Software Pvt Ltd.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 6.0.176 - SonicWALL, Inc.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TinEye Internet Explorer plugin 1.2 (HKLM-x32\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Upromise RewardU Toolbar (HKLM-x32\...\Upromise RewardU Toolbar) (Version:  - Upromise.com)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B12991A-B5FF-4891-A41D-BE6118E04B70} - System32\Tasks\AdobeAAMUpdater-1.0-Mike-PC-Mike => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {294BC13F-9657-4B47-9C9F-76018E672449} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe [2013-07-24] (Tuneup System Software Pvt Ltd.)
Task: {401AF21B-2983-4997-AEC4-8331CFCF5DF9} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b1efa5df7e6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {54E4DCC0-F500-400E-AABA-85420949A576} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {9445BCC6-EDCB-4CE2-B22F-9D20E43FA1E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {AC17EEC1-C400-4D10-8684-A96DAA988554} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C8508610-53E8-4D40-B09E-8BB5F8685CA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F551CF0D-2FCE-4E23-8492-A6C56E15AE19} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b1efa5df7e6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-09-06 07:17 - 2012-01-11 18:48 - 00069632 _____ () C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
2012-09-06 08:34 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-06 07:24 - 2012-01-26 22:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-09-06 07:11 - 2011-01-12 20:17 - 00053248 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2012-09-06 07:11 - 2011-03-11 12:09 - 00028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL
2012-09-06 07:14 - 2012-01-20 15:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-03-10 18:53 - 2012-03-10 18:53 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2012-03-10 18:53 - 2012-03-10 18:53 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 03:40:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (08/06/2014 03:15:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 03:14:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/06/2014 03:13:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Faulting module name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Exception code: 0xc0000005
Fault offset: 0x0000227d
Faulting process id: 0x538
Faulting application start time: 0xMediaButtons.exe0
Faulting application path: MediaButtons.exe1
Faulting module path: MediaButtons.exe2
Report Id: MediaButtons.exe3

Error: (08/06/2014 02:35:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 02:35:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/06/2014 02:34:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Faulting module name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Exception code: 0xc0000005
Fault offset: 0x0000227d
Faulting process id: 0x474
Faulting application start time: 0xMediaButtons.exe0
Faulting application path: MediaButtons.exe1
Faulting module path: MediaButtons.exe2
Report Id: MediaButtons.exe3

Error: (08/06/2014 01:48:05 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Mike-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (08/06/2014 01:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: JavaSetup7u67.com, version: 7.0.670.1, time stamp: 0x53d2c487
Faulting module name: JavaSetup7u67.com, version: 7.0.670.1, time stamp: 0x53d2c487
Exception code: 0xc0000409
Fault offset: 0x00012635
Faulting process id: 0x103c
Faulting application start time: 0xJavaSetup7u67.com0
Faulting application path: JavaSetup7u67.com1
Faulting module path: JavaSetup7u67.com2
Report Id: JavaSetup7u67.com3

Error: (08/06/2014 01:33:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.

System errors:
=============
Error: (08/06/2014 04:19:51 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (08/06/2014 03:42:39 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (08/06/2014 03:41:50 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================
Error: (08/06/2014 03:40:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2014 03:15:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 03:14:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (08/06/2014 03:13:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MediaButtons.exe1.0.0.104f56dcc6MediaButtons.exe1.0.0.104f56dcc6c00000050000227d53801cfb145dd3fc0d9C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exeC:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe1e104086-1d39-11e4-8051-083e8e2cf27e

Error: (08/06/2014 02:35:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 02:35:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (08/06/2014 02:34:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MediaButtons.exe1.0.0.104f56dcc6MediaButtons.exe1.0.0.104f56dcc6c00000050000227d47401cfb14059b5df1aC:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exeC:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exea7914de8-1d33-11e4-911f-083e8e2cf27e

Error: (08/06/2014 01:48:05 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Mike-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (08/06/2014 01:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: JavaSetup7u67.com7.0.670.153d2c487JavaSetup7u67.com7.0.670.153d2c487c000040900012635103c01cfb1388b6c7f63C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMK51XWP\JavaSetup7u67.comC:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMK51XWP\JavaSetup7u67.comef5eaa2b-1d2b-11e4-9be3-083e8e2cf27e

Error: (08/06/2014 01:33:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 8065.15 MB
Available physical RAM: 4071.91 MB
Total Pagefile: 16128.48 MB
Available Pagefile: 11067.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1843.16 GB) (Free:1771.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 1FDABE10)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1843 GB) - (Type=07 NTFS)

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:45 PM

Posted 06 August 2014 - 06:22 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Please post the FRST.txt and do the following:

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 spielman

spielman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 06 August 2014 - 06:52 PM

Hello Marius,

Thank you for your help.   The FRST.txt is posted above in this email stream.  The ark.text is posted below:

 

 

MER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-06 19:46:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST2000DM rev.CC4G 1863.02GB
Running: uj8jdf43.exe; Driver: C:\Users\Mike\AppData\Local\Temp\pxldypow.sys

---- Processes - GMER 2.1 ----

Process  C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDUO4TSM\uj8jdf43.exe (*** suspicious ***) @ C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDUO4TSM\uj8jdf43.exe [71572](2014-08-06 23:40:02)  0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e2cf27e                                                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e2cf27e@60a10adf95e2                                                                                                                                                                               0x6C 0xB1 0x54 0xAC ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e2cf27e (not active ControlSet)                                                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e2cf27e@60a10adf95e2                                                                                                                                                                                   0x6C 0xB1 0x54 0xAC ...

---- EOF - GMER 2.1 ----



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:45 PM

Posted 07 August 2014 - 02:17 AM

No, you´ve posted the addition.txt only.

Please post the other file as well. :)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 spielman

spielman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 09 August 2014 - 07:57 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Mike at 2014-08-06 04:28:06
Running from C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WDPZWLF
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.11 - DELL)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fidelity Active Trader Pro® (HKLM-x32\...\{67247719-8EEC-4937-A01D-23347C24FF0F}) (Version: 9.8.84.0 - Fidelity Investments)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InsiderBaseball 2014 (HKLM-x32\...\{DB78D78B-B73A-4067-8FC4-15103FE31D0A}) (Version: 15.4.1 - Fantistics)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 18.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 18.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myfantasyleague.com Game Day 2013 (HKLM-x32\...\mflGameDay_is1) (Version: 1.0 - Sideline Software, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6638 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.86 - Realtek Semiconductor Corp.)
REGSERVO (HKLM\...\REGSERVO) (Version: 1.0.9.3 - Tuneup System Software Pvt Ltd.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 6.0.176 - SonicWALL, Inc.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TinEye Internet Explorer plugin 1.2 (HKLM-x32\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Upromise RewardU Toolbar (HKLM-x32\...\Upromise RewardU Toolbar) (Version:  - Upromise.com)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B12991A-B5FF-4891-A41D-BE6118E04B70} - System32\Tasks\AdobeAAMUpdater-1.0-Mike-PC-Mike => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {294BC13F-9657-4B47-9C9F-76018E672449} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe [2013-07-24] (Tuneup System Software Pvt Ltd.)
Task: {401AF21B-2983-4997-AEC4-8331CFCF5DF9} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b1efa5df7e6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {54E4DCC0-F500-400E-AABA-85420949A576} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {9445BCC6-EDCB-4CE2-B22F-9D20E43FA1E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {AC17EEC1-C400-4D10-8684-A96DAA988554} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C8508610-53E8-4D40-B09E-8BB5F8685CA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F551CF0D-2FCE-4E23-8492-A6C56E15AE19} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b1efa5df7e6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-09-06 07:17 - 2012-01-11 18:48 - 00069632 _____ () C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
2012-09-06 08:34 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-06 07:24 - 2012-01-26 22:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-09-06 07:11 - 2011-01-12 20:17 - 00053248 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2012-09-06 07:11 - 2011-03-11 12:09 - 00028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL
2012-09-06 07:14 - 2012-01-20 15:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-03-10 18:53 - 2012-03-10 18:53 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2012-03-10 18:53 - 2012-03-10 18:53 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 03:40:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (08/06/2014 03:15:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 03:14:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/06/2014 03:13:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Faulting module name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Exception code: 0xc0000005
Fault offset: 0x0000227d
Faulting process id: 0x538
Faulting application start time: 0xMediaButtons.exe0
Faulting application path: MediaButtons.exe1
Faulting module path: MediaButtons.exe2
Report Id: MediaButtons.exe3

Error: (08/06/2014 02:35:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 02:35:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/06/2014 02:34:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Faulting module name: MediaButtons.exe, version: 1.0.0.10, time stamp: 0x4f56dcc6
Exception code: 0xc0000005
Fault offset: 0x0000227d
Faulting process id: 0x474
Faulting application start time: 0xMediaButtons.exe0
Faulting application path: MediaButtons.exe1
Faulting module path: MediaButtons.exe2
Report Id: MediaButtons.exe3

Error: (08/06/2014 01:48:05 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Mike-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (08/06/2014 01:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: JavaSetup7u67.com, version: 7.0.670.1, time stamp: 0x53d2c487
Faulting module name: JavaSetup7u67.com, version: 7.0.670.1, time stamp: 0x53d2c487
Exception code: 0xc0000409
Fault offset: 0x00012635
Faulting process id: 0x103c
Faulting application start time: 0xJavaSetup7u67.com0
Faulting application path: JavaSetup7u67.com1
Faulting module path: JavaSetup7u67.com2
Report Id: JavaSetup7u67.com3

Error: (08/06/2014 01:33:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.

System errors:
=============
Error: (08/06/2014 04:19:51 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (08/06/2014 03:42:39 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (08/06/2014 03:41:50 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/06/2014 03:38:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================
Error: (08/06/2014 03:40:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2014 03:15:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 03:14:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (08/06/2014 03:13:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MediaButtons.exe1.0.0.104f56dcc6MediaButtons.exe1.0.0.104f56dcc6c00000050000227d53801cfb145dd3fc0d9C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exeC:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe1e104086-1d39-11e4-8051-083e8e2cf27e

Error: (08/06/2014 02:35:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/06/2014 02:35:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (08/06/2014 02:34:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MediaButtons.exe1.0.0.104f56dcc6MediaButtons.exe1.0.0.104f56dcc6c00000050000227d47401cfb14059b5df1aC:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exeC:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exea7914de8-1d33-11e4-911f-083e8e2cf27e

Error: (08/06/2014 01:48:05 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Mike-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (08/06/2014 01:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: JavaSetup7u67.com7.0.670.153d2c487JavaSetup7u67.com7.0.670.153d2c487c000040900012635103c01cfb1388b6c7f63C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMK51XWP\JavaSetup7u67.comC:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMK51XWP\JavaSetup7u67.comef5eaa2b-1d2b-11e4-9be3-083e8e2cf27e

Error: (08/06/2014 01:33:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: Mike-PC)
Description: Product: Microsoft Fix it 50981 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 8065.15 MB
Available physical RAM: 4071.91 MB
Total Pagefile: 16128.48 MB
Available Pagefile: 11067.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1843.16 GB) (Free:1771.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 1FDABE10)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1843 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:45 PM

Posted 12 August 2014 - 06:03 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 spielman

spielman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 12 August 2014 - 07:41 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Mike (administrator) on MIKE-PC on 12-08-2014 20:29:51
Running from C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WDPZWLF
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(DELL INC.) C:\Program Files (x86)\Dell\DELLOSD\DELLOSD.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDUO4TSM\iTunes64Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() Q:\140066.enu\Office14\EXCELC.EXE
() Q:\140066.ENU\OFFICE14\OffSpon.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1175656 2012-05-11] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-01-20] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024 2012-03-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2813680801-1445144509-2663546519-1001\...\Run: [PxDotNetLoader] => C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe [44104 2013-05-01] (Fidelity Investments)
HKU\S-1-5-21-2813680801-1445144509-2663546519-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2813680801-1445144509-2663546519-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * bootdeletebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Default Value = {6f52f077-2dbf-f864-8da7-73cc1a21005a}
URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll ()
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {2EA73CF7-5761-4144-8F9E-04DD0882B3D9} URL = http://olmcdn.upromise.com/search.html?ourmark=4&qs={searchTerms}
SearchScopes: HKCU - {2EA73CF7-5761-4144-8F9E-04DD0882B3D9} URL = http://olmcdn.upromise.com/search.html?ourmark=4&qs={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {BCCF1642-EB46-4B51-8883-7DDF2A48C9DD} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Upromise RewardU Toolbar BHO -> {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} -> C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lgq5wgcj.default
FF DefaultSearchEngine: AOL Search
FF Homepage: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lgq5wgcj.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lgq5wgcj.default\Extensions\staged [2014-08-10]
FF Extension: Yahoo! Toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lgq5wgcj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-07-13]
FF Extension: AOL Toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\lgq5wgcj.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-03-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-07]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-07]
CHR Extension: (Mickey Sketch Theme) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmaadlipkibabccamkbjjaklifnohhp [2013-03-19]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0109781407633511mcinstcleanup; C:\Users\Mike\AppData\Local\Temp\010978~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [69632 2012-01-11] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-22] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [544288 2012-04-13] (SonicWALL Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2012-04-13] (SonicWALL Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 20:02 - 2014-08-12 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-11 21:58 - 2014-08-11 21:58 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-10 09:46 - 2014-08-10 09:46 - 00000165 ____H () C:\Users\Mike\Documents\~$Your_Balances_Over_Time.xlsx
2014-08-10 05:08 - 2014-08-10 05:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-10 00:02 - 2014-08-10 00:06 - 00031170 _____ () C:\Users\Mike\Documents\Your_Balances_Over_Time.xlsx
2014-08-10 00:02 - 2014-08-10 00:02 - 00018842 _____ () C:\Users\Mike\Documents\Dividend history.csv
2014-08-09 21:19 - 2014-08-12 20:02 - 00001806 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-08-09 21:19 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-08-09 21:18 - 2014-08-09 21:18 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-08-09 21:17 - 2014-08-09 21:19 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-09 21:17 - 2014-08-09 21:17 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-06 22:21 - 2014-08-06 22:21 - 00021476 ____H () C:\Users\Mike\Documents\~WRL2462.tmp
2014-08-06 19:46 - 2014-08-06 19:46 - 00001802 _____ () C:\Users\Mike\Desktop\ark.txt
2014-08-06 04:30 - 2014-08-06 04:30 - 00037296 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-08-06 04:27 - 2014-08-12 20:30 - 00000000 ____D () C:\FRST
2014-08-06 02:22 - 2014-08-11 23:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 02:17 - 2014-08-06 02:17 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-08-06 01:48 - 2014-08-06 01:48 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-08-06 01:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 01:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 01:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 01:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 01:35 - 2014-08-06 01:36 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-04 19:51 - 2014-08-04 19:58 - 00015043 _____ () C:\Users\Mike\Documents\BBM stats Aug 2014.xlsx
2014-07-31 20:21 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 20:21 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 20:21 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 20:21 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 20:21 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 20:21 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 20:21 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 20:21 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 20:21 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 20:21 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 20:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 20:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 20:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 20:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-23 22:08 - 2014-06-20 10:30 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.3c77.deleteme
2014-07-23 22:08 - 2014-06-20 10:30 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-07-23 00:56 - 2014-08-09 21:06 - 00000000 ____D () C:\Program Files\stinger
2014-07-13 23:04 - 2014-08-06 01:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-13 23:03 - 2014-07-13 23:04 - 00006774 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-13 23:03 - 2014-07-13 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-13 23:01 - 2014-07-13 23:01 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
2014-07-13 22:55 - 2014-07-13 22:55 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-13 22:55 - 2014-07-13 22:55 - 00009724 _____ () C:\Windows\system32\bootdelete.lst
2014-07-13 22:42 - 2014-07-13 22:42 - 00020782 _____ () C:\Windows\system32\.crusader
2014-07-13 22:32 - 2014-07-13 22:43 - 00008142 _____ () C:\ProgramData\RUNDLL32.EXE-6808-F.txt
2014-07-13 22:31 - 2014-07-13 22:31 - 00001783 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-13 22:31 - 2014-07-13 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-13 22:31 - 2014-07-13 22:31 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-13 22:25 - 2014-07-13 22:27 - 00001601 _____ () C:\ProgramData\RUNDLL32.EXE-8412-F.txt
2014-07-13 22:20 - 2014-07-13 22:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-13 15:51 - 2014-07-13 15:51 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-7616-F.txt
2014-07-13 15:47 - 2014-07-13 15:47 - 00000000 __SHD () C:\found.000
2014-07-13 15:22 - 2014-08-06 02:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-13 15:22 - 2014-08-06 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-13 15:21 - 2014-08-06 02:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-13 15:21 - 2014-07-13 15:25 - 00001584 _____ () C:\ProgramData\RUNDLL32.EXE-4100-F.txt
2014-07-13 15:21 - 2014-07-13 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-13 15:21 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-13 15:21 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-13 15:21 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-13 15:19 - 2014-07-13 15:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 14:43 - 2014-07-13 14:59 - 00004822 _____ () C:\ProgramData\RUNDLL32.EXE-11424-F.txt
2014-07-13 14:11 - 2014-07-13 14:11 - 00000440 _____ () C:\ProgramData\RUNDLL32.EXE-7884-F.txt
2014-07-13 13:47 - 2014-07-13 13:49 - 00001257 _____ () C:\ProgramData\RUNDLL32.EXE-8900-F.txt
2014-07-13 13:40 - 2014-07-13 13:40 - 00000438 _____ () C:\ProgramData\RUNDLL32.EXE-5692-F.txt
2014-07-13 13:15 - 2014-07-13 13:35 - 00506292 _____ () C:\ProgramData\RUNDLL32.EXE-7388-F.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 20:30 - 2014-08-06 04:27 - 00000000 ____D () C:\FRST
2014-08-12 20:24 - 2012-09-06 07:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 20:02 - 2014-08-12 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-12 20:02 - 2014-08-09 21:19 - 00001806 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-08-12 19:54 - 2014-05-08 20:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b1efa5df7e6.job
2014-08-12 19:53 - 2012-09-06 06:59 - 02016677 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 23:05 - 2014-08-06 02:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 22:49 - 2012-12-07 13:03 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 21:58 - 2014-08-11 21:58 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-11 21:58 - 2012-09-29 00:24 - 00000000 ____D () C:\Users\Mike\Documents\Bluetooth Folder
2014-08-10 10:44 - 2012-09-29 00:20 - 00066416 _____ () C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-10 09:46 - 2014-08-10 09:46 - 00000165 ____H () C:\Users\Mike\Documents\~$Your_Balances_Over_Time.xlsx
2014-08-10 05:16 - 2012-09-06 07:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-10 05:16 - 2012-09-06 07:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-10 05:16 - 2012-09-06 07:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-10 05:14 - 2013-01-08 20:23 - 00000000 ____D () C:\Users\Mike\AppData\Local\Mozilla
2014-08-10 05:08 - 2014-08-10 05:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-10 05:04 - 2013-11-23 21:08 - 00000000 ____D () C:\ProgramData\Apple
2014-08-10 04:59 - 2013-01-08 20:22 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 04:59 - 2013-01-08 20:22 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 04:59 - 2013-01-08 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 04:59 - 2013-01-08 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 04:51 - 2013-11-23 17:31 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Upromise RewardU Toolbar
2014-08-10 04:51 - 2013-09-29 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-10 02:21 - 2012-09-06 07:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-10 00:06 - 2014-08-10 00:02 - 00031170 _____ () C:\Users\Mike\Documents\Your_Balances_Over_Time.xlsx
2014-08-10 00:02 - 2014-08-10 00:02 - 00018842 _____ () C:\Users\Mike\Documents\Dividend history.csv
2014-08-09 22:21 - 2012-09-30 15:38 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\SoftGrid Client
2014-08-09 21:28 - 2012-09-29 02:04 - 00000000 ____D () C:\Users\Mike\AppData\Local\Nero
2014-08-09 21:19 - 2014-08-09 21:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-09 21:19 - 2012-09-29 00:55 - 00000000 ____D () C:\Program Files\McAfee
2014-08-09 21:19 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 21:19 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 21:18 - 2014-08-09 21:18 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-08-09 21:18 - 2012-09-29 00:55 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-09 21:17 - 2014-08-09 21:17 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-09 21:12 - 2012-09-06 07:24 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-09 21:12 - 2010-11-20 23:47 - 00403832 _____ () C:\Windows\PFRO.log
2014-08-09 21:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 21:12 - 2009-07-14 00:51 - 00051254 _____ () C:\Windows\setupact.log
2014-08-09 21:06 - 2014-07-23 00:56 - 00000000 ____D () C:\Program Files\stinger
2014-08-06 22:21 - 2014-08-06 22:21 - 00021476 ____H () C:\Users\Mike\Documents\~WRL2462.tmp
2014-08-06 19:46 - 2014-08-06 19:46 - 00001802 _____ () C:\Users\Mike\Desktop\ark.txt
2014-08-06 10:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-06 04:30 - 2014-08-06 04:30 - 00037296 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-08-06 02:57 - 2014-07-13 15:22 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 02:57 - 2014-07-13 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 02:57 - 2014-07-13 15:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 02:33 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-08-06 02:17 - 2014-08-06 02:17 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-08-06 01:48 - 2014-08-06 01:48 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-08-06 01:38 - 2012-09-30 16:24 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-08-06 01:36 - 2014-08-06 01:35 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 01:36 - 2014-07-13 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 01:36 - 2012-11-04 11:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 01:22 - 2009-07-14 01:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 00:36 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 00:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-04 19:58 - 2014-08-04 19:51 - 00015043 _____ () C:\Users\Mike\Documents\BBM stats Aug 2014.xlsx
2014-07-25 12:55 - 2014-08-06 01:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 01:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 01:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 01:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 03:01 - 2012-11-07 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 03:00 - 2012-11-07 11:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:00 - 2012-11-07 11:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-19 09:37 - 2012-12-07 13:03 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 23:04 - 2014-07-13 23:03 - 00006774 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-13 23:03 - 2014-07-13 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-13 23:01 - 2014-07-13 23:01 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
2014-07-13 22:55 - 2014-07-13 22:55 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-13 22:55 - 2014-07-13 22:55 - 00009724 _____ () C:\Windows\system32\bootdelete.lst
2014-07-13 22:43 - 2014-07-13 22:32 - 00008142 _____ () C:\ProgramData\RUNDLL32.EXE-6808-F.txt
2014-07-13 22:43 - 2014-07-13 22:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-13 22:42 - 2014-07-13 22:42 - 00020782 _____ () C:\Windows\system32\.crusader
2014-07-13 22:31 - 2014-07-13 22:31 - 00001783 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-13 22:31 - 2014-07-13 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-13 22:31 - 2014-07-13 22:31 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-13 22:27 - 2014-07-13 22:25 - 00001601 _____ () C:\ProgramData\RUNDLL32.EXE-8412-F.txt
2014-07-13 15:51 - 2014-07-13 15:51 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-7616-F.txt
2014-07-13 15:47 - 2014-07-13 15:47 - 00000000 __SHD () C:\found.000
2014-07-13 15:34 - 2012-09-06 07:34 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-13 15:34 - 2012-09-06 07:34 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-13 15:25 - 2014-07-13 15:21 - 00001584 _____ () C:\ProgramData\RUNDLL32.EXE-4100-F.txt
2014-07-13 15:21 - 2014-07-13 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-13 15:20 - 2014-07-13 15:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 14:59 - 2014-07-13 14:43 - 00004822 _____ () C:\ProgramData\RUNDLL32.EXE-11424-F.txt
2014-07-13 14:11 - 2014-07-13 14:11 - 00000440 _____ () C:\ProgramData\RUNDLL32.EXE-7884-F.txt
2014-07-13 13:49 - 2014-07-13 13:47 - 00001257 _____ () C:\ProgramData\RUNDLL32.EXE-8900-F.txt
2014-07-13 13:40 - 2014-07-13 13:40 - 00000438 _____ () C:\ProgramData\RUNDLL32.EXE-5692-F.txt
2014-07-13 13:35 - 2014-07-13 13:15 - 00506292 _____ () C:\ProgramData\RUNDLL32.EXE-7388-F.txt
2014-07-13 13:13 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
ZeroAccess:
C:\Users\Mike\AppData\Local\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\0088721407632866mcinst.exe
C:\Users\Mike\AppData\Local\Temp\0109781407633511mcinst.exe
C:\Users\Mike\AppData\Local\Temp\contentDATs.exe
C:\Users\Mike\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mike\AppData\Local\Temp\mssinstaller.exe
C:\Users\Mike\AppData\Local\Temp\SecurityScan_Release.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 00:53

==================== End Of Log ============================



#8 spielman

spielman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 13 August 2014 - 09:29 PM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-13 22:27:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST2000DM rev.CC4G 1863.02GB
Running: 14t8jboj.exe; Driver: C:\Users\Mike\AppData\Local\Temp\pxldypow.sys

---- Processes - GMER 2.1 ----

Library  Q:\140066.enu\Office14\EXCELC.EXE (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                                                                     000000002f260000
Library  Q:\140066.enu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                                                                        0000000054970000
Library  Q:\140066.enu\Office14\oart.dll (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                                                                       0000000041ff0000
Library  Q:\140066.enu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                        0000000038960000
Library  Q:\140066.enu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                            0000000051930000
Library  Q:\140066.enu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                               0000000053cb0000
Library  Q:\140066.enu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                   000000005c280000
Library  Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT SHARED\OFFICE14\MSORES.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                     000000000ff00000
Library  Q:\140066.enu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                        00000000501b0000
Library  Q:\140066.enu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                     000000005d7e0000
Library  Q:\140066.enu\Office14\MSOSTYLE.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                                                                   0000000073600000
Library  Q:\140066.enu\Office14\msproof7.dll (*** suspicious ***) @ Q:\140066.enu\Office14\EXCELC.EXE [115660]                                                                                                                                                                   000000006f570000
Library  Q:\140066.enu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.enu\Office14\OffSpon.EXE [89824]                                                                                                                                                                    000000002dc00000
Library  Q:\140066.ENU\OFFICE14\msadctls.dll (*** suspicious ***) @ Q:\140066.enu\Office14\OffSpon.EXE [89824]                                                                                                                                                                   000000005ced0000
Process  C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMK51XWP\14t8jboj.exe (*** suspicious ***) @ C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMK51XWP\14t8jboj.exe [238568](2014-08-13 00:37:18)  0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e2cf27e                                                                                                                                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e2cf27e@60a10adf95e2                                                                                                                                                                                0x6C 0xB1 0x54 0xAC ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e2cf27e (not active ControlSet)                                                                                                                                                                        
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e2cf27e@60a10adf95e2                                                                                                                                                                                    0x6C 0xB1 0x54 0xAC ...

---- EOF - GMER 2.1 ----



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:45 PM

Posted 14 August 2014 - 05:06 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:45 PM

Posted 08 September 2014 - 09:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users