Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mums computer HJTL


  • This topic is locked This topic is locked
36 replies to this topic

#1 zuruikyuubi

zuruikyuubi

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 15 January 2015 - 06:59 PM

Unable to install IE 11, Windows updates not working, takes forever, slow. if someone could look over the HJT log. I need a new set of eyes on the problem.

I have attached the log

 

windows 7 sp1 x64. Dell laptop



BC AdBot (Login to Remove)

 


#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 16 January 2015 - 05:10 AM

Hi zuruikyuubi, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • Farbar Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#3 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 16 January 2015 - 06:47 PM

Hello Valinorum,

 

First I want to say thank you for helping me.

 

here are the two logs you requested

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by dell (administrator) on TINASLAPTOP on 16-01-2015 17:38:42
Running from C:\Users\dell\Downloads
Loaded Profiles: dell (Available profiles: dell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [80448 2010-12-15] (ArcSoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [Google Update] => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [Facebook Update] => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: E - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {0671fb22-026f-11e1-b733-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {4e5e543e-3638-11e0-81fa-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {5babd309-0261-11e1-8d0c-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {6c280b31-073c-11df-b548-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {6ee7d499-31c9-11e1-8bb8-a4badb964717} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {784139ac-371b-11e0-964d-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {aad07c71-b64a-11e0-b7f9-a4badb964717} - E:\PcOptions.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {BE87C7CE-AB30-4C9E-9E75-F6808AC9EF6C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {EA289961-37B5-486A-9BEF-44C78D8C5534} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> DefaultScope {D611F701-14ED-457F-8AE6-50150947647C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg114
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.pogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm704^YYA^us&ptb=A964B095-B033-4ED7-A657-396241242FF1&psa=&ind=2014021319&st=sb&n=780b86c7&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {3DCA0589-263C-4DF7-8FFA-F3E931CC9EC9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN11610716921122226&UM=2
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {57685D30-F004-4986-9E15-ABA8700E2F53} URL = http://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {D611F701-14ED-457F-8AE6-50150947647C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg114
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {EA289961-37B5-486A-9BEF-44C78D8C5534} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @eximion.com/KalydoPlayer3.08.01 -> C:\Users\dell\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\dell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @talk.google.com/O1DPlugin -> C:\Users\dell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @tools.google.com/Google Update;version=3 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @tools.google.com/Google Update;version=9 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dell\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dell\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\searchplugins\askcom.xml
FF Extension: GamingWonderland - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\Extensions\gtffxtbr@GamingWonderland.com [2014-09-27]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\Extensions\LogMeInClient@logmein.com [2011-03-14]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-08-11]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-25]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\dell\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (Adblock Plus) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-06]
CHR Extension: (WhiteSmoke New) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-05-03]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-03]
CHR HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [318336 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-11-03] (Beceem communications pvt ltd.)
S3 cm_net; C:\Windows\System32\DRIVERS\cm_net.sys [133120 2008-05-29] (C-motech Co.,Ltd.)
S3 cm_ser; C:\Windows\System32\DRIVERS\cm_ser.sys [118272 2008-05-29] (C-motech Co.,Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RSUSBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [50176 2013-04-26] (Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-11-06] (Realtek Semiconductor Corp.)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-03] (QUALCOMM Incorporated)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\smhwadb.sys 9C59BF508C5D408BB348254E0BA2EE30
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\drxvi314_64.sys 2BC216938A30981473FFEDB251196095
C:\Windows\System32\drivers\BCM42RLY.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys D127A82E01D64B6DD6A838DB710CCEA9
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cm_net.sys F749E9CABB1572649715EC69BD68CA4E
C:\Windows\System32\DRIVERS\cm_ser.sys E9E160FED596D6555DE17BC7A78AA424
C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 4F6FB2CDBDEEFC47E7D2066E78254580
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6439D1E559D08BD8A1465A8943357053
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys F9EEFFC65C68A45001D1349E652B8B6F
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys C903D49655B4AAE46673F0AAA6BE0F58
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RtsUCcid.sys 5C62508A344A2A13F6A7A85286AE8F62
C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys 5C62508A344A2A13F6A7A85286AE8F62
C:\Windows\System32\Drivers\RtsUStor.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smhwdev.sys D6A7B4B28FA50EFEBC67168FAA23F158
C:\Windows\System32\DRIVERS\smhwser.sys 9122A68375D990280644DF33973B506A
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 3178B56219E0E4FB5F95299E49B83B44
C:\Windows\System32\drivers\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\System32\DRIVERS\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 17:38 - 2015-01-16 17:39 - 00049159 _____ () C:\Users\dell\Downloads\FRST.txt
2015-01-16 17:37 - 2015-01-16 17:38 - 00000000 ____D () C:\FRST
2015-01-16 17:37 - 2015-01-16 17:37 - 02125312 _____ (Farbar) C:\Users\dell\Downloads\FRST64.exe
2015-01-16 17:37 - 2015-01-16 17:37 - 02125312 _____ (Farbar) C:\Users\dell\Downloads\FRST64 (1).exe
2015-01-15 23:21 - 2015-01-15 23:21 - 00284179 _____ () C:\Users\dell\Desktop\view;_ylt=AwrB8pacn7hUJzgA27yJzbkF;_ylu=X3oDMTIyMzR2bG43BHNlYwNzcgRzbGsDaW1nBG9pZANlYTMwODVjZmVlZDk5MGFjMzA0YjQ1NTFjYjZlNzcwNgRncG9zAzIEaXQDYmluZw--.htm
2015-01-15 17:41 - 2015-01-15 17:52 - 00013881 _____ () C:\Users\dell\Downloads\hijackthis.log
2015-01-15 17:40 - 2015-01-15 17:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\dell\Downloads\HijackThis.exe
2015-01-15 17:36 - 2015-01-15 17:37 - 55915216 _____ (Microsoft Corporation) C:\Users\dell\Downloads\IE11-Windows6.1-x64-en-us (1).exe
2014-12-24 20:14 - 2014-12-24 20:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 17:39 - 2009-07-13 23:10 - 01267259 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 17:39 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:39 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:36 - 2009-07-13 23:13 - 00846282 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 17:32 - 2012-09-05 09:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:31 - 2012-09-09 08:05 - 00098125 _____ () C:\Windows\setupact.log
2015-01-16 17:31 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 23:31 - 2012-06-16 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 23:29 - 2012-09-05 09:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 23:18 - 2010-08-28 19:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA.job
2015-01-15 17:49 - 2014-09-27 20:32 - 00000134 _____ () C:\Users\dell\Desktop\Internet Explorer Troubleshooting.url
2015-01-15 17:49 - 2014-09-03 12:51 - 00050906 _____ () C:\Windows\IE11_main.log
2015-01-15 17:40 - 2010-04-27 14:53 - 00000000 ____D () C:\Users\dell\AppData\Local\VirtualStore
2015-01-15 17:37 - 2011-05-08 18:27 - 00002370 _____ () C:\Users\dell\Desktop\Google Chrome.lnk
2015-01-14 22:41 - 2010-05-31 04:06 - 00000000 ____D () C:\Users\dell\AppData\Local\Adobe
2015-01-14 22:31 - 2012-06-16 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 22:31 - 2012-06-16 14:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 22:31 - 2011-07-01 08:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 22:25 - 2011-12-17 10:15 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA.job
2015-01-09 15:18 - 2010-08-28 19:54 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core.job
2014-12-31 05:14 - 2010-08-29 19:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 15:14 - 2011-12-17 10:15 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core.job
 
Files to move or delete:
====================
C:\Users\dell\gotomypc_428.exe
C:\Users\dell\jagex_cl_runescape_LIVE.dat
C:\Users\dell\jagex_runescape_preferences.dat
C:\Users\dell\jagex_runescape_preferences2.dat
C:\Users\dell\jagex__preferences3.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {e130b710-0739-11df-b917-a2f878692dca}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e130b712-0739-11df-b917-a2f878692dca}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e130b710-0739-11df-b917-a2f878692dca}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {e130b712-0739-11df-b917-a2f878692dca}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e130b713-0739-11df-b917-a2f878692dca}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e130b713-0739-11df-b917-a2f878692dca}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {e130b710-0739-11df-b917-a2f878692dca}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {e130b713-0739-11df-b917-a2f878692dca}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-09-11 16:37
 
==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by dell at 2015-01-16 17:40:27
Running from C:\Users\dell\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DVIA player 5.0 (HKLM-x32\...\{4E868D3D-6EEB-4273-926C-2287236B5B79}) (Version: 5.0.0.15 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM-x32\...\{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}) (Version: 2.0.24.1050 - ArcSoft)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{3B755EF7-F860-4F72-9A2D-5216CB48BA7C}) (Version:  - ArcSoft)
ArcSoft VideoImpression 2 (HKLM-x32\...\{66E0EB37-6024-4872-897A-8E83AF1C87CA}) (Version:  - ArcSoft)
Boggle (remove only) (HKLM-x32\...\Boggle) (Version:  - )
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.28 - DivX, LLC)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalydo Player 3.08.01 (HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\KalydoPlayer) (Version: 3.08.01 - Eximion B.V.)
KODAK Share Button App (HKLM-x32\...\{19F1A99A-196F-4D18-BC36-C1DAD6ABCCF3}) (Version: 4.00.0000.0000 - Eastman Kodak Company)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 23.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0 (x86 en-US)) (Version: 23.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Runes of Magic (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 3.0.5.2262.slim - Frogster Interactive Pictures)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.7.8773 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}) (Version: 4.3.1.0 - Husdawg, LLC)
The Price is Right (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114767253}) (Version:  - Oberon Media)
TightVNC 2.0.3 (HKLM-x32\...\TightVNC) (Version: 2.0.3 - GlavSoft LLC.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.7.0 - Flagship Industries, Inc.)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WSOP-USA.com (HKLM-x32\...\WSOP-USA.com) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dell\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dell\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
16-10-2014 15:41:07 Windows Update
16-10-2014 15:49:17 Windows Update
23-10-2014 11:13:29 Windows Update
23-10-2014 11:52:56 Installed Microsoft Fix it 50202
30-10-2014 18:28:19 Windows Update
06-11-2014 17:16:14 Windows Update
13-11-2014 13:14:31 Windows Update
20-11-2014 11:40:04 Windows Update
23-11-2014 16:25:30 Windows Update
24-11-2014 15:14:15 Windows Update
30-11-2014 13:02:04 Windows Update
07-12-2014 14:54:50 Windows Update
14-12-2014 08:40:13 Windows Update
21-12-2014 14:40:11 Windows Update
30-12-2014 15:15:40 Windows Update
06-01-2015 14:24:26 Windows Update
13-01-2015 14:47:22 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2015-01-15 17:52 - 00000829 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02C1F404-51F5-430C-82AB-D79A91099D0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {0471B0CF-8D26-476D-98F2-606A7ECA6ECD} - System32\Tasks\DHWSGSJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {12B090B3-2992-410D-AB87-F9771A5F18F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {2B31691D-BB9C-4EDF-BB04-CE76089421F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {2BCCAAB4-2BBE-471B-B6E7-5ABAB663F496} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {30806DF2-4CD5-4D43-878F-07C74092B82F} - System32\Tasks\{022B37BF-771E-482F-A5C9-BB13475A9672} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {3F2EDB3B-4565-4C51-8FFD-DA95CBD5DA23} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {454B871A-1998-46A6-B0D1-F5868A759228} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {62E82861-85A6-4BCA-82C2-6CD980E5943C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6762E9F5-7357-4507-B18D-AB9ACABCB57A} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {7400F5B4-22E3-441B-9976-B0D08F956FCD} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {85CE22A1-16E9-4EC9-8F04-24761CC96536} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {962F96E6-D2E4-4A66-ACD5-261CF6B0853B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {983B807F-10DD-413C-9C5F-95F7BCAA5313} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2011-09-22] (Eastman Kodak Company)
Task: {B2F8E56C-B53A-4CD2-8C8A-8EB7195F3C00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B9B6BB8B-E715-40B4-803A-3A11DAE11F1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E49B261A-ACFB-49D4-B300-DE3B659FBDB3} - System32\Tasks\{4421FA07-5412-45F0-A5FA-5D9E86C1E743} => pcalua.exe -a C:\WINDOWS\ISUNINST.EXE -c -f"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Task: {F5F2C4CC-194E-4BB1-A94E-3FE7BE1C9F07} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core.job => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA.job => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core.job => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA.job => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-22 02:05 - 2009-07-16 19:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-01-22 02:05 - 2009-07-16 19:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-19 17:25 - 2012-06-19 17:25 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\23e010548e66d9b4e7aed5ac7ff54a13\VistaBridgeLibrary.ni.dll
2009-10-15 03:10 - 2009-10-15 03:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2013-02-12 20:37 - 2013-02-12 20:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-01-22 02:13 - 2009-09-17 13:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-22 02:13 - 2009-09-17 13:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2013-02-12 20:38 - 2013-02-12 20:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-15 17:37 - 2015-01-08 18:35 - 01077064 _____ () C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-15 17:37 - 2015-01-08 18:35 - 00211272 _____ () C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-15 17:37 - 2015-01-08 18:35 - 09009480 _____ () C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-15 17:37 - 2015-01-08 18:35 - 01677128 _____ () C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5B85C37B
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2343957900-2653222491-1802401330-500 - Administrator - Disabled)
dell (S-1-5-21-2343957900-2653222491-1802401330-1000 - Administrator - Enabled) => C:\Users\dell
Guest (S-1-5-21-2343957900-2653222491-1802401330-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2343957900-2653222491-1802401330-1008 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2015 05:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0xdc0
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0x1308
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:39:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0x7ec
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:39:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0x2bc
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:38:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0xb58
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0x844
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:38:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0x958
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:37:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0xc28
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:37:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0xdc4
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
Error: (01/16/2015 05:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: cbscore.dll, version: 6.1.7601.17592, time stamp: 0x4da00179
Exception code: 0xc0000005
Fault offset: 0x000000000009adf8
Faulting process id: 0x1b4
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3
 
 
System errors:
=============
Error: (01/16/2015 05:40:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 16 time(s).
 
Error: (01/16/2015 05:40:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 15 time(s).
 
Error: (01/16/2015 05:39:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 14 time(s).
 
Error: (01/16/2015 05:39:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 13 time(s).
 
Error: (01/16/2015 05:38:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 12 time(s).
 
Error: (01/16/2015 05:38:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 11 time(s).
 
Error: (01/16/2015 05:38:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (01/16/2015 05:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (01/16/2015 05:37:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 8 time(s).
 
Error: (01/16/2015 05:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 7 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2015 05:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf8dc001d031e5e1a14864C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dll1f5374b4-9dd9-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf8130801d031e5cfbc2478C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dll0d76b541-9dd9-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:39:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf87ec01d031e5bdd76235C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dllfb912fad-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:39:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf82bc01d031e5abf36343C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dlle9a58f93-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:38:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf8b5801d031e59a0f02a8C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dlld7c0cd50-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf884401d031e5982a8951C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dlld5dd78f2-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:38:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf895801d031e58829debdC:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dllc5dba965-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:37:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf8c2801d031e5764297e1C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dllb3fd28aa-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:37:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf8dc401d031e5645d1234C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dlla20f3e84-9dd8-11e4-ae99-a4badb964717
 
Error: (01/16/2015 05:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bcbscore.dll6.1.7601.175924da00179c0000005000000000009adf81b401d031e552756370C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dll90272e18-9dd8-11e4-ae99-a4badb964717
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-10-14 10:28:46.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-10-14 10:18:19.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-10-14 10:17:02.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-10-14 10:06:04.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 4056.36 MB
Available physical RAM: 2226.12 MB
Total Pagefile: 8110.92 MB
Available Pagefile: 6058.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:206.4 GB) NTFS
Drive d: (RT516X-091106) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: CF5ACF27)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 17 January 2015 - 03:40 AM

Do you know the file: C:\Users\dell\Desktop\view;_ylt=AwrB8pacn7hUJzgA27yJzbkF;_ylu=X3oDMTIyMzR2bG43BHNlYwNzcgRzbGsDaW1nBG9pZANlYTMwODVjZmVlZDk5MGFjMzA0YjQ1NTFjYjZlNzcwNgRncG9zAzIEaXQDYmluZw--.htm?


 
  • Step #2 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • Java 7 Update 60 (Oudated)
    • McAfee Security Scan Plus
    • Pando Media Booster
 
  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      Emptytemp:
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [Google Update] => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
      SearchScopes: HKLM -> DefaultScope value is missing.
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKLM-x32 -> DefaultScope value is missing.
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKLM-x32 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Nxdm003YYus&ptnrS=9Nxdm003YYus&si=CNfBq4fZ9LICFbKiPAodwVUArg&ptb=64506695-C86B-44C7-9AD5-54D78835941D&ind=2012100915&n=77ee3933&psa=&st=sb&searchfor={searchTerms}
      SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm704^YYA^us&ptb=A964B095-B033-4ED7-A657-396241242FF1&psa=&ind=2014021319&st=sb&n=780b86c7&searchfor={searchTerms}
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Nxdm003YYus&ptnrS=9Nxdm003YYus&si=CNfBq4fZ9LICFbKiPAodwVUArg&ptb=64506695-C86B-44C7-9AD5-54D78835941D&ind=2012100915&n=77ee3933&psa=&st=sb&searchfor={searchTerms}
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.pogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm704^YYA^us&ptb=A964B095-B033-4ED7-A657-396241242FF1&psa=&ind=2014021319&st=sb&n=780b86c7&searchfor={searchTerms}
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {3DCA0589-263C-4DF7-8FFA-F3E931CC9EC9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN11610716921122226&UM=2
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {57685D30-F004-4986-9E15-ABA8700E2F53} URL = http://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {7CA03387-1F74-4776-8CB7-D6E072151AA4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=0EAE74FD-F2E8-4BF0-BC1E-2ED5EEB9B27E&apn_sauid=D85FEB9A-6B19-4C17-8265-0BDB447C10CE
      SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {EA289961-37B5-486A-9BEF-44C78D8C5534} URL = 
      Toolbar: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
      FF DefaultSearchEngine: Ask.com
      FF SearchEngineOrder.1: Ask.com
      FF SelectedSearchEngine: Ask.com
      FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF SearchPlugin: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\searchplugins\askcom.xml
      CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      CHR HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
      C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
      CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
      AlternateDataStreams: C:\ProgramData\TEMP:5B85C37B
      File: C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe
      CMD: type "C:\Users\dell\Downloads\hijackthis.log"
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #5 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 Scan with Farbar Service Scanner
    • Please download Farbar Service Scanner by Farbar to your Desktop from the link below.
      Download Link
    • Right-click and choose Run as Administrator;
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
 
  • Required Log(s):
    • FRST Fix Log
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • FSS.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#5 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 18 January 2015 - 02:39 PM

I do not know what that file is.

also some new programs just started popping up

slowpc fighter

genuisbox

keepmysettingsx

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01

Ran by dell at 2015-01-17 15:17:13 Run:1
Running from C:\Users\dell\Desktop
Loaded Profiles: dell (Available profiles: dell)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [Google Update] => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.pogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm704^YYA^us&ptb=A964B095-B033-4ED7-A657-396241242FF1&psa=&ind=2014021319&st=sb&n=780b86c7&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {3DCA0589-263C-4DF7-8FFA-F3E931CC9EC9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN11610716921122226&UM=2
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {57685D30-F004-4986-9E15-ABA8700E2F53} URL = http://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {EA289961-37B5-486A-9BEF-44C78D8C5534} URL = 
Toolbar: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\searchplugins\askcom.xml
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
AlternateDataStreams: C:\ProgramData\TEMP:5B85C37B
File: C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe
CMD: type "C:\Users\dell\Downloads\hijackthis.log"
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}" => Key deleted successfully.
HKCR\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}" => Key deleted successfully.
HKCR\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3DCA0589-263C-4DF7-8FFA-F3E931CC9EC9}" => Key deleted successfully.
HKCR\CLSID\{3DCA0589-263C-4DF7-8FFA-F3E931CC9EC9} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57685D30-F004-4986-9E15-ABA8700E2F53}" => Key deleted successfully.
HKCR\CLSID\{57685D30-F004-4986-9E15-ABA8700E2F53} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CA03387-1F74-4776-8CB7-D6E072151AA4}" => Key deleted successfully.
HKCR\CLSID\{7CA03387-1F74-4776-8CB7-D6E072151AA4} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA289961-37B5-486A-9BEF-44C78D8C5534}" => Key deleted successfully.
HKCR\CLSID\{EA289961-37B5-486A-9BEF-44C78D8C5534} => Key not found. 
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => Key not found. 
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\searchplugins\askcom.xml => Moved successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi" => Key deleted successfully.
C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx => Moved successfully.
"C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi" => Key deleted successfully.
"C:\Users\dell\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
C:\ProgramData\TEMP => ":5B85C37B" ADS removed successfully.
 
========================= File: C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe ========================
 
MD5: 51508F0C2476177E50C31B0BBFBF1BDB
Creation and modification date: 2010-08-28 19:54 - 2014-10-21 13:31
Size: 0107912
Attributes: ---AT
Company Name: Google Inc.
Internal Name: Google Update
Original Name: GoogleUpdate.exe
Product Name: Google Update
Description: Google Installer
File Version: 1.3.25.5
Product Version: 1.3.25.5
Copyright: Copyright 2007-2010 Google Inc.
 
====== End Of File: ======
 
 
=========  type "C:\Users\dell\Downloads\hijackthis.log" =========
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:52:49 PM, on 1/15/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
CHROME: 39.0.2171.99
FIREFOX: 23.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13879 bytes
 
========= End of CMD: =========
 
EmptyTemp: => Removed 12.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:52:47 ====

# AdwCleaner v4.108 - Report created 17/01/2015 at 16:13:16
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dell - TINASLAPTOP
# Running from : C:\Users\dell\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\GamingWonderland
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\dell\AppData\Local\GamingWonderland
Folder Deleted : C:\Users\dell\AppData\LocalLow\GamingWonderland
Folder Deleted : C:\Users\dell\AppData\LocalLow\iac
Folder Deleted : C:\Users\dell\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\dell\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\dell\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E5A46-C344-4D13-99DB-BDCE7466B8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{82024F98-F9FB-47F4-860F-887E41883C9D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9E2A578-FDDF-4214-8DB0-0F33E3421553}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E70EAE41-BB5A-440E-BF6E-BE2A280FD49C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5BC4D4DF-CE7A-4582-835E-56860B14462E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AE88B8C3-41A9-4BB6-B12D-BDA9219E58FB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16446
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [3356 octets] - [17/01/2015 16:10:30]
AdwCleaner[S0].txt - [3165 octets] - [17/01/2015 16:13:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3225 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by dell on Sat 01/17/2015 at 16:19:58.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\dell\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\dell\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\dell\appdata\local\cre"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\dell\appdata\local\{0E92C558-7997-4317-AD62-1BBD4DBCE9E0}
Successfully deleted: [Empty Folder] C:\Users\dell\appdata\local\{146CAB80-979F-47D7-9AA3-CBAEAED510F1}
Successfully deleted: [Empty Folder] C:\Users\dell\appdata\local\{49C9D6FD-E29B-4279-8066-38FC5566CAE6}
Successfully deleted: [Empty Folder] C:\Users\dell\appdata\local\{D65F0815-FC9A-45C5-8D5D-350A960E02C2}
Successfully deleted: [Empty Folder] C:\Users\dell\appdata\local\{DCC74FE2-9AAB-4B7F-A186-056963AA8E87}
Successfully deleted: [Empty Folder] C:\Users\dell\appdata\local\{ED320D04-275E-45B3-9E7A-6DF826CBE00D}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\dell\AppData\Roaming\mozilla\firefox\profiles\fwl6mtjm.default\extensions\gtffxtbr@gamingwonderland.com
Emptied folder: C:\Users\dell\AppData\Roaming\mozilla\firefox\profiles\fwl6mtjm.default\minidumps [10 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/17/2015 at 16:25:05.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Farbar Service Scanner Version: 17-01-2015
Ran by dell (administrator) on 17-01-2015 at 22:18:44
Running from "C:\Users\dell\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Edited by zuruikyuubi, 18 January 2015 - 02:47 PM.


#6 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 19 January 2015 - 01:01 PM

Reboot and tell me if the pop-ups are present.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#7 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 19 January 2015 - 08:31 PM

Rebooted and the programs are still there

#8 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 20 January 2015 - 12:08 AM

Provide me a fresh FRST scan log along with a screenshot of the pop-up.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#9 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 20 January 2015 - 06:52 PM

30be4ib.jpg
 
fresh reboot
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by dell (administrator) on TINASLAPTOP on 20-01-2015 17:43:59
Running from C:\Users\dell\Desktop
Loaded Profiles: dell (Available profiles: dell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files (x86)\Converter Free Online\ConverterFreeOnlineUpdt.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
() C:\Users\dell\AppData\Local\GeniusBox\Client.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
() C:\Program Files (x86)\Converter Free Online\Taskbar.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(System Alerts LLC) C:\Users\dell\AppData\Local\DesktopTemperature\DesktopTemperature.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters10119\Tray\Fighters10119Tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [80448 2010-12-15] (ArcSoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [CommonToolkitTray_Fighters10119] => C:\Program Files (x86)\Fighters10119\Tray\Fighters10119Tray.exe [1681952 2014-06-10] (SPAMfighter ApS)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [Facebook Update] => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [CFO] => C:\Program Files (x86)\Converter Free Online\Taskbar.exe [56952 2014-09-02] ()
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: E - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {0671fb22-026f-11e1-b733-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {4e5e543e-3638-11e0-81fa-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {5babd309-0261-11e1-8d0c-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {6c280b31-073c-11df-b548-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {6ee7d499-31c9-11e1-8bb8-a4badb964717} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {784139ac-371b-11e0-964d-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {aad07c71-b64a-11e0-b7f9-a4badb964717} - E:\PcOptions.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\dell\AppData\Local\DesktopTemperature\DesktopTemperature.exe (System Alerts LLC)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2343957900-2653222491-1802401330-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2343957900-2653222491-1802401330-1000] => http=127.0.0.1:49184;https=127.0.0.1:49184
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20150103,20029,0,18,9444
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {BE87C7CE-AB30-4C9E-9E75-F6808AC9EF6C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EA289961-37B5-486A-9BEF-44C78D8C5534} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> DefaultScope {D611F701-14ED-457F-8AE6-50150947647C} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150103,20028,0,18,0
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> {D611F701-14ED-457F-8AE6-50150947647C} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150103,20028,0,18,0
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline_x64.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2343957900-2653222491-1802401330-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Users\dell\AppData\Local\DesktopTemperature\hpOsh7.dll [307224] ()
Winsock: Catalog9 02 C:\Users\dell\AppData\Local\DesktopTemperature\hpOsh7.dll [307224] ()
Winsock: Catalog9 03 C:\Users\dell\AppData\Local\DesktopTemperature\hpOsh7.dll [307224] ()
Winsock: Catalog9 04 C:\Users\dell\AppData\Local\DesktopTemperature\hpOsh7.dll [307224] ()
Winsock: Catalog9 05 C:\Users\dell\AppData\Local\DesktopTemperature\hpOsh7.dll [307224] ()
Winsock: Catalog9 16 C:\Users\dell\AppData\Local\DesktopTemperature\hpOsh7.dll [307224] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @eximion.com/KalydoPlayer3.08.01 -> C:\Users\dell\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\dell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @talk.google.com/O1DPlugin -> C:\Users\dell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @tools.google.com/Google Update;version=3 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @tools.google.com/Google Update;version=9 -> C:\Users\dell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2343957900-2653222491-1802401330-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dell\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dell\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\Extensions\LogMeInClient@logmein.com [2011-03-14]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-20]
FF Extension: Yahoo! Toolbar - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\fwl6mtjm.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-08-11]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-25]
FF HKLM-x32\...\Firefox\Extensions: [extension@Converter_Free_Online.com] - C:\Program Files (x86)\Converter Free Online\extension@Converter_Free_Online.com
FF Extension: ConverterFreeOnline - C:\Program Files (x86)\Converter Free Online\extension@Converter_Free_Online.com [2015-01-17]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\dell\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\dell\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (Adblock Plus) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-03]
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ConverterFreeOnlineUpdt; C:\Program Files (x86)\Converter Free Online\ConverterFreeOnlineUpdt.exe [256512 2014-09-02] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [318336 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-11-03] (Beceem communications pvt ltd.)
S3 cm_net; C:\Windows\System32\DRIVERS\cm_net.sys [133120 2008-05-29] (C-motech Co.,Ltd.)
S3 cm_ser; C:\Windows\System32\DRIVERS\cm_ser.sys [118272 2008-05-29] (C-motech Co.,Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RSUSBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [50176 2013-04-26] (Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-11-06] (Realtek Semiconductor Corp.)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-03] (QUALCOMM Incorporated)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\smhwadb.sys 9C59BF508C5D408BB348254E0BA2EE30
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\drxvi314_64.sys 2BC216938A30981473FFEDB251196095
C:\Windows\System32\drivers\BCM42RLY.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys D127A82E01D64B6DD6A838DB710CCEA9
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cm_net.sys F749E9CABB1572649715EC69BD68CA4E
C:\Windows\System32\DRIVERS\cm_ser.sys E9E160FED596D6555DE17BC7A78AA424
C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 4F6FB2CDBDEEFC47E7D2066E78254580
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6439D1E559D08BD8A1465A8943357053
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys F9EEFFC65C68A45001D1349E652B8B6F
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys C903D49655B4AAE46673F0AAA6BE0F58
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RtsUCcid.sys 5C62508A344A2A13F6A7A85286AE8F62
C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys 5C62508A344A2A13F6A7A85286AE8F62
C:\Windows\System32\Drivers\RtsUStor.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smhwdev.sys D6A7B4B28FA50EFEBC67168FAA23F158
C:\Windows\System32\DRIVERS\smhwser.sys 9122A68375D990280644DF33973B506A
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 3178B56219E0E4FB5F95299E49B83B44
C:\Windows\System32\drivers\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\System32\DRIVERS\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 17:43 - 2015-01-20 17:45 - 00047709 _____ () C:\Users\dell\Desktop\FRST.txt
2015-01-17 23:07 - 2015-01-17 23:07 - 00003038 _____ () C:\Windows\System32\Tasks\KeepMySettingsX
2015-01-17 23:07 - 2015-01-17 23:07 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2015-01-17 23:07 - 2015-01-17 23:07 - 00000000 ____D () C:\Program Files (x86)\Converter Free Online
2015-01-17 23:06 - 2015-01-17 23:06 - 00004456 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-17 23:06 - 2015-01-17 23:06 - 00004252 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-17 23:06 - 2015-01-17 23:06 - 00003860 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-17 23:06 - 2015-01-17 23:06 - 00000064 _____ () C:\Users\dell\AppData\Local\35fdf5a6ba875e9edd3e10d6484565c1
2015-01-17 23:05 - 2015-01-20 17:43 - 00000436 _____ () C:\Windows\Tasks\SLOW-PCfighter64-dell-Startup.job
2015-01-17 23:05 - 2015-01-20 17:39 - 00000426 _____ () C:\Windows\Tasks\SLOW-PCfighter64-dell-Notification.job
2015-01-17 23:05 - 2015-01-17 23:10 - 00000000 ____D () C:\ProgramData\Fighters10119
2015-01-17 23:05 - 2015-01-17 23:06 - 00000000 ____D () C:\Users\dell\AppData\Local\GeniusBox
2015-01-17 23:05 - 2015-01-17 23:05 - 00003494 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Notification
2015-01-17 23:05 - 2015-01-17 23:05 - 00002820 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Startup
2015-01-17 23:05 - 2015-01-17 23:05 - 00002157 _____ () C:\Users\Public\Desktop\SLOW-PCfighter 10119.lnk
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Fighters10119
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Users\dell\AppData\Local\System_Alerts_LLC
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Program Files\Fighters10119
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Program Files (x86)\Fighters10119
2015-01-17 23:04 - 2015-01-20 17:11 - 00000000 ____D () C:\Users\dell\AppData\Local\DesktopTemperature
2015-01-17 23:04 - 2015-01-17 23:07 - 00000000 ____D () C:\Users\dell\AppData\Roaming\KeepMySettingsX
2015-01-17 23:04 - 2015-01-17 23:04 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Yahoo!
2015-01-17 23:04 - 2015-01-17 23:04 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
2015-01-17 16:28 - 2015-01-17 22:18 - 00002115 _____ () C:\Users\dell\Downloads\FSS.txt
2015-01-17 16:27 - 2015-01-17 16:27 - 00415232 _____ (Farbar) C:\Users\dell\Downloads\FSS.exe
2015-01-17 16:25 - 2015-01-17 16:25 - 00001988 _____ () C:\Users\dell\Desktop\JRT.txt
2015-01-17 16:19 - 2015-01-17 16:19 - 01707939 _____ (Thisisu) C:\Users\dell\Downloads\JRT.exe
2015-01-17 16:19 - 2015-01-17 16:19 - 00000000 ____D () C:\Windows\ERUNT
2015-01-17 16:10 - 2015-01-17 16:13 - 00000000 ____D () C:\AdwCleaner
2015-01-17 16:10 - 2015-01-17 16:10 - 02186752 _____ () C:\Users\dell\Downloads\AdwCleaner.exe
2015-01-17 15:16 - 2015-01-18 13:37 - 00000000 ____D () C:\Users\dell\Desktop\FRST-OlderVersion
2015-01-17 15:14 - 2015-01-17 15:14 - 02125824 _____ (Farbar) C:\Users\dell\Downloads\FRST64 (2).exe
2015-01-16 17:41 - 2015-01-16 17:41 - 00051430 _____ () C:\Users\dell\Downloads\Shortcut.txt
2015-01-16 17:40 - 2015-01-16 17:41 - 00039544 _____ () C:\Users\dell\Downloads\Addition.txt
2015-01-16 17:38 - 2015-01-16 17:41 - 00058103 _____ () C:\Users\dell\Downloads\FRST.txt
2015-01-16 17:37 - 2015-01-20 17:44 - 00000000 ____D () C:\FRST
2015-01-16 17:37 - 2015-01-18 13:37 - 02126848 _____ (Farbar) C:\Users\dell\Desktop\FRST64.exe
2015-01-16 17:37 - 2015-01-16 17:37 - 02125312 _____ (Farbar) C:\Users\dell\Downloads\FRST64 (1).exe
2015-01-15 17:41 - 2015-01-15 17:52 - 00013881 _____ () C:\Users\dell\Downloads\hijackthis.log
2015-01-15 17:40 - 2015-01-15 17:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\dell\Downloads\HijackThis.exe
2015-01-15 17:36 - 2015-01-15 17:37 - 55915216 _____ (Microsoft Corporation) C:\Users\dell\Downloads\IE11-Windows6.1-x64-en-us (1).exe
2014-12-24 20:14 - 2014-12-24 20:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 17:44 - 2009-07-13 23:10 - 01459533 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 17:39 - 2012-09-05 09:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 17:38 - 2012-09-09 08:05 - 00098741 _____ () C:\Windows\setupact.log
2015-01-20 17:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 17:18 - 2010-08-28 19:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA.job
2015-01-20 17:13 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 17:13 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 17:12 - 2009-07-13 23:13 - 00846282 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 19:31 - 2012-06-16 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:30 - 2012-09-05 09:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 19:25 - 2011-12-17 10:15 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000UA.job
2015-01-17 23:04 - 2011-02-04 19:17 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-17 23:04 - 2011-02-04 19:16 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-17 16:16 - 2012-09-09 08:05 - 00044980 _____ () C:\Windows\PFRO.log
2015-01-17 15:59 - 2010-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2015-01-17 15:18 - 2010-08-28 19:54 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core.job
2015-01-17 15:11 - 2010-01-22 02:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-15 17:49 - 2014-09-03 12:51 - 00050906 _____ () C:\Windows\IE11_main.log
2015-01-15 17:40 - 2010-04-27 14:53 - 00000000 ____D () C:\Users\dell\AppData\Local\VirtualStore
2015-01-15 17:37 - 2011-05-08 18:27 - 00002370 _____ () C:\Users\dell\Desktop\Google Chrome.lnk
2015-01-14 22:41 - 2010-05-31 04:06 - 00000000 ____D () C:\Users\dell\AppData\Local\Adobe
2015-01-14 22:31 - 2012-06-16 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 22:31 - 2012-06-16 14:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 22:31 - 2011-07-01 08:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 05:14 - 2010-08-29 19:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 15:14 - 2011-12-17 10:15 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343957900-2653222491-1802401330-1000Core.job
 
==================== Files in the root of some directories =======
2010-11-21 17:37 - 2010-11-21 17:57 - 0000308 _____ () C:\Users\dell\AppData\Roaming\Rim.Desktop.Exception.log
2010-11-21 17:36 - 2010-11-21 20:09 - 0001669 _____ () C:\Users\dell\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2010-05-07 22:45 - 2010-09-21 09:18 - 0001484 _____ () C:\Users\dell\AppData\Roaming\wklnhst.dat
2015-01-17 23:06 - 2015-01-17 23:06 - 0000064 _____ () C:\Users\dell\AppData\Local\35fdf5a6ba875e9edd3e10d6484565c1
2010-09-04 14:49 - 2010-09-04 14:49 - 0003584 _____ () C:\Users\dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-11 18:05 - 2011-03-11 18:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-02-01 21:50 - 2011-02-01 21:58 - 0000813 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\dell\gotomypc_428.exe
C:\Users\dell\jagex_cl_runescape_LIVE.dat
C:\Users\dell\jagex_runescape_preferences.dat
C:\Users\dell\jagex_runescape_preferences2.dat
C:\Users\dell\jagex__preferences3.dat
 
 
Some content of TEMP:
====================
C:\Users\dell\AppData\Local\Temp\Quarantine.exe
C:\Users\dell\AppData\Local\Temp\sqlite3.dll
C:\Users\dell\AppData\Local\Temp\SymCCIS.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {e130b710-0739-11df-b917-a2f878692dca}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e130b712-0739-11df-b917-a2f878692dca}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e130b710-0739-11df-b917-a2f878692dca}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {e130b712-0739-11df-b917-a2f878692dca}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e130b713-0739-11df-b917-a2f878692dca}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e130b713-0739-11df-b917-a2f878692dca}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {e130b710-0739-11df-b917-a2f878692dca}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {e130b713-0739-11df-b917-a2f878692dca}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-09-11 16:37
 
==================== End Of Log ============================

Edited by zuruikyuubi, 20 January 2015 - 06:53 PM.


#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 20 January 2015 - 11:28 PM

  • Step #7 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateTestorePoint:
      CloseProcesses:
      Emptytemp:
      C:\Program Files (x86)\Converter Free Online
      C:\Users\dell\AppData\Local\GeniusBox\
      HKLM-x32\...\Run: [CommonToolkitTray_Fighters10119] => C:\Program Files (x86)\Fighters10119\Tray\Fighters10119Tray.exe [1681952 2014-06-10] (SPAMfighter ApS)
      C:\Program Files (x86)\Fighters10119\
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [CFO] => C:\Program Files (x86)\Converter Free Online\Taskbar.exe [56952 2014-09-02] ()
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: E - E:\PcOptions.exe
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {0671fb22-026f-11e1-b733-a4badb964717} - E:\PcOptions.exe
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {4e5e543e-3638-11e0-81fa-a4badb964717} - E:\PcOptions.exe
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {5babd309-0261-11e1-8d0c-a4badb964717} - E:\PcOptions.exe
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {6c280b31-073c-11df-b548-806e6f6e6963} - D:\autorun.exe
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {784139ac-371b-11e0-964d-a4badb964717} - E:\PcOptions.exe
      HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {aad07c71-b64a-11e0-b7f9-a4badb964717} - E:\PcOptions.exe
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      BHO: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline_x64.dll ()
      BHO-x32: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline.dll ()
      2015-01-17 23:07 - 2015-01-17 23:07 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
      2015-01-17 23:06 - 2015-01-17 23:06 - 00003860 _____ () C:\Windows\System32\Tasks\GeniusBox
      2015-01-17 23:05 - 2015-01-20 17:43 - 00000436 _____ () C:\Windows\Tasks\SLOW-PCfighter64-dell-Startup.job
      2015-01-17 23:05 - 2015-01-20 17:39 - 00000426 _____ () C:\Windows\Tasks\SLOW-PCfighter64-dell-Notification.job
      2015-01-17 23:05 - 2015-01-17 23:10 - 00000000 ____D () C:\ProgramData\Fighters10119
      2015-01-17 23:05 - 2015-01-17 23:06 - 00000000 ____D () C:\Users\dell\AppData\Local\GeniusBox
      2015-01-17 23:05 - 2015-01-17 23:05 - 00003494 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Notification
      2015-01-17 23:05 - 2015-01-17 23:05 - 00002820 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Startup
      2015-01-17 23:05 - 2015-01-17 23:05 - 00002157 _____ () C:\Users\Public\Desktop\SLOW-PCfighter 10119.lnk
      2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Fighters10119
      2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Program Files\Fighters10119
      2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Program Files (x86)\Fighters10119
      2015-01-17 23:07 - 2015-01-17 23:07 - 00003038 _____ () C:\Windows\System32\Tasks\KeepMySettingsX
      2015-01-17 23:04 - 2015-01-17 23:07 - 00000000 ____D () C:\Users\dell\AppData\Roaming\KeepMySettingsX
      C:\Users\dell\Desktop\view;_ylt=AwrB8pacn7hUJzgA27yJzbkF;_ylu=X3oDMTIyMzR2bG43BHNlYwNzcgRzbGsDaW1nBG9pZANlYTMwODVjZmVlZDk5MGFjMzA0YjQ1NTFjYjZlNzcwNgRncG9zAzIEaXQDYmluZw--.htm
      CMD: netsh winsock reset
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#11 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 21 January 2015 - 08:07 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by dell at 2015-01-21 07:01:45 Run:2
Running from C:\Users\dell\Desktop
Loaded Profiles: dell (Available profiles: dell)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateTestorePoint:
CloseProcesses:
Emptytemp:
C:\Program Files (x86)\Converter Free Online
C:\Users\dell\AppData\Local\GeniusBox\
HKLM-x32\...\Run: [CommonToolkitTray_Fighters10119] => C:\Program Files (x86)\Fighters10119\Tray\Fighters10119Tray.exe [1681952 2014-06-10] (SPAMfighter ApS)
C:\Program Files (x86)\Fighters10119\
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\Run: [CFO] => C:\Program Files (x86)\Converter Free Online\Taskbar.exe [56952 2014-09-02] ()
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: E - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {0671fb22-026f-11e1-b733-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {4e5e543e-3638-11e0-81fa-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {5babd309-0261-11e1-8d0c-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {6c280b31-073c-11df-b548-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {784139ac-371b-11e0-964d-a4badb964717} - E:\PcOptions.exe
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\...\MountPoints2: {aad07c71-b64a-11e0-b7f9-a4badb964717} - E:\PcOptions.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline_x64.dll ()
BHO-x32: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline.dll ()
2015-01-17 23:07 - 2015-01-17 23:07 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2015-01-17 23:06 - 2015-01-17 23:06 - 00003860 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-17 23:05 - 2015-01-20 17:43 - 00000436 _____ () C:\Windows\Tasks\SLOW-PCfighter64-dell-Startup.job
2015-01-17 23:05 - 2015-01-20 17:39 - 00000426 _____ () C:\Windows\Tasks\SLOW-PCfighter64-dell-Notification.job
2015-01-17 23:05 - 2015-01-17 23:10 - 00000000 ____D () C:\ProgramData\Fighters10119
2015-01-17 23:05 - 2015-01-17 23:06 - 00000000 ____D () C:\Users\dell\AppData\Local\GeniusBox
2015-01-17 23:05 - 2015-01-17 23:05 - 00003494 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Notification
2015-01-17 23:05 - 2015-01-17 23:05 - 00002820 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Startup
2015-01-17 23:05 - 2015-01-17 23:05 - 00002157 _____ () C:\Users\Public\Desktop\SLOW-PCfighter 10119.lnk
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Fighters10119
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Program Files\Fighters10119
2015-01-17 23:05 - 2015-01-17 23:05 - 00000000 ____D () C:\Program Files (x86)\Fighters10119
2015-01-17 23:07 - 2015-01-17 23:07 - 00003038 _____ () C:\Windows\System32\Tasks\KeepMySettingsX
2015-01-17 23:04 - 2015-01-17 23:07 - 00000000 ____D () C:\Users\dell\AppData\Roaming\KeepMySettingsX
C:\Users\dell\Desktop\view;_ylt=AwrB8pacn7hUJzgA27yJzbkF;_ylu=X3oDMTIyMzR2bG43BHNlYwNzcgRzbGsDaW1nBG9pZANlYTMwODVjZmVlZDk5MGFjMzA0YjQ1NTFjYjZlNzcwNgRncG9zAzIEaXQDYmluZw--.htm
CMD: netsh winsock reset
End
*****************
 
CreateTestorePoint: => Error: No automatic fix found for this entry.
Processes closed successfully.
C:\Program Files (x86)\Converter Free Online => Moved successfully.
C:\Users\dell\AppData\Local\GeniusBox => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CommonToolkitTray_Fighters10119 => value deleted successfully.
C:\Program Files (x86)\Fighters10119 => Moved successfully.
HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CFO => value deleted successfully.
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0671fb22-026f-11e1-b733-a4badb964717}" => Key deleted successfully.
HKCR\CLSID\{0671fb22-026f-11e1-b733-a4badb964717} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e5e543e-3638-11e0-81fa-a4badb964717}" => Key deleted successfully.
HKCR\CLSID\{4e5e543e-3638-11e0-81fa-a4badb964717} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5babd309-0261-11e1-8d0c-a4badb964717}" => Key deleted successfully.
HKCR\CLSID\{5babd309-0261-11e1-8d0c-a4badb964717} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c280b31-073c-11df-b548-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{6c280b31-073c-11df-b548-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784139ac-371b-11e0-964d-a4badb964717}" => Key deleted successfully.
HKCR\CLSID\{784139ac-371b-11e0-964d-a4badb964717} => Key not found. 
"HKU\S-1-5-21-2343957900-2653222491-1802401330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aad07c71-b64a-11e0-b7f9-a4badb964717}" => Key deleted successfully.
HKCR\CLSID\{aad07c71-b64a-11e0-b7f9-a4badb964717} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C37441D1-E3E2-4733-BA49-FB8C35629E5B}" => Key deleted successfully.
"HKCR\CLSID\{C37441D1-E3E2-4733-BA49-FB8C35629E5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C37441D1-E3E2-4733-BA49-FB8C35629E5B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C37441D1-E3E2-4733-BA49-FB8C35629E5B}" => Key deleted successfully.
C:\Program Files (x86)\File Type Helper => Moved successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
C:\Windows\Tasks\SLOW-PCfighter64-dell-Startup.job => Moved successfully.
C:\Windows\Tasks\SLOW-PCfighter64-dell-Notification.job => Moved successfully.
C:\ProgramData\Fighters10119 => Moved successfully.
"C:\Users\dell\AppData\Local\GeniusBox" => File/Directory not found.
C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Notification => Moved successfully.
C:\Windows\System32\Tasks\SLOW-PCfighter64-dell-Startup => Moved successfully.
C:\Users\Public\Desktop\SLOW-PCfighter 10119.lnk => Moved successfully.
C:\Users\dell\AppData\Roaming\Fighters10119 => Moved successfully.
C:\Program Files\Fighters10119 => Moved successfully.
"C:\Program Files (x86)\Fighters10119" => File/Directory not found.
C:\Windows\System32\Tasks\KeepMySettingsX => Moved successfully.
C:\Users\dell\AppData\Roaming\KeepMySettingsX => Moved successfully.
"C:\Users\dell\Desktop\view;_ylt=AwrB8pacn7hUJzgA27yJzbkF;_ylu=X3oDMTIyMzR2bG43BHNlYwNzcgRzbGsDaW1nBG9pZANlYTMwODVjZmVlZDk5MGFjMzA0YjQ1NTFjYjZlNzcwNgRncG9zAzIEaXQDYmluZw--.htm" => File/Directory not found.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 70.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 07:01:59 ====


#12 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 21 January 2015 - 08:08 AM

How is your PC?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#13 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 21 January 2015 - 09:12 AM

I will have to check when I get off work today.

#14 zuruikyuubi

zuruikyuubi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 21 January 2015 - 10:39 PM

Everything is looking good, thank you

#15 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:29 AM

Posted 22 January 2015 - 12:03 AM

  • Step #8 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #9 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • MBAM Log
    • ESET Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users