
Infected with Cryptowall 3.0 Please Help with removal


  • This topic is locked
89 replies to this topic

#1 SEREDMAN


Posted 13 February 2015 - 09:47 PM

Hello my name is Sarah and I am looking for some help. My computer (Dell with Windows 7) is infected with Cryptowall 3.0 and it has taken my files hostage. The main files that I noticed were infected were pictures.

I have installed and run both Spyhunter 4 and McAfee but each time my computer restarts and the programs run again it still shows that the virus is still a threat.  I attempted to download ListCwall to remove the files but it will not download past 68% for some reason.

 I am hoping to remove the malware and hopefully restore my photos through a shadow program.

Can anyone help me with this?   Thank you.





#2 LiquidTension

  • Malware Response Team

Posted 15 February 2015 - 01:10 AM

Hello Sarah, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable at times.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page.

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)


#3 SEREDMAN

  • Topic Starter

Posted 16 February 2015 - 01:20 AM

Thank you Adam in advance for your time. I will do as requested asap but I wanted to double check one thing, am I to start the computer as normal or in safe mode with networking??

#4 LiquidTension

  • Malware Response Team

Posted 16 February 2015 - 02:24 AM

Hi Sarah, 

 

If you are able to start the computer in Normal Mode and run the programmes there, please do so. If you're unable, please boot into Safe Mode with Networking. 



#5 SEREDMAN

  • Topic Starter

Posted 16 February 2015 - 10:00 AM

I copied the FRST.txt and Additional.txt

 

 

 

 

Scan result of Farbar Recovery Scan tool (FRST.txt) (x64) Version: 15-02-2015
Ran by koontz312 (administrator) on KOONTZ312-PC on 16-02-2015 05:36:43
Running from C:\Users\koontz312\Downloads
Loaded Profiles: koontz312 (Available profiles: koontz312)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2034752 2011-08-08] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1674896 2011-09-16] (McAfee, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\RunOnce: [SH4_RestoreHibernation] => C:\Windows\System32\powercfg.exe [71168 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-06] (Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid\Vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [Logitech Vid HD] => C:\Program Files (x86)\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [HuyaTurz] => regsvr32.exe "C:\ProgramData\HuyaTurz\PaxeGhacp.tgx"
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [Svc2dll] => C:\Users\koontz312\AppData\Local\svcxdcl32.exe [262144 2015-02-14] ()
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: E - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: J - J:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {4bb6fa7a-9f23-11e4-ab8c-b8ac6fe4fe28} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {68a76675-2385-11e4-bb3b-b8ac6fe4fe28} - J:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a0b576e8-8cbd-11e4-aba0-b8ac6fe4fe28} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a722b6e3-dcdd-11e0-9bdf-b8ac6fe4fe28} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a8f16262-413b-11e4-9e8e-b8ac6fe4fe28} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\TL-Bootstrap.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a8f16266-413b-11e4-9e8e-b8ac6fe4fe28} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2261786481-891652113-2891113778-1001 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2261786481-891652113-2891113778-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2261786481-891652113-2891113778-1001 -> {76BEEE84-BEE2-4526-95C9-FEE98140EDF6} URL = http://search.genieo.com/results.html?v=w3i20&wtag=W3i_IA,206,0_01,DefaultSearch,20141148,19841,IE11,0,6944&q={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2261786481-891652113-2891113778-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2BB6C7B0-002A-4521-8E1F-DF3FA66594D7}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-05-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-10]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-05-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-05-04]
FF HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aifbkdoebpbcaddcjobobbanaokiepnb] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0231291423943068mcinstcleanup; C:\Windows\TEMP\023129~1.EXE [828032 2012-09-04] (McAfee, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-10] (WildTangent)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-12] (Enigma Software Group USA, LLC.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 C771BUS; C:\Windows\System32\DRIVERS\C771BUS.sys [71752 2010-08-26] (DEVGURU Co., LTD.)
S3 C771VSP; C:\Windows\System32\DRIVERS\C771VSP.sys [186056 2010-08-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-12] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfehidk01; \Device\mfehidk01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 05:34 - 2015-02-16 05:35 - 00041239 _____ () C:\Users\koontz312\Downloads\Addition.txt
2015-02-16 05:33 - 2015-02-16 05:36 - 00020958 _____ () C:\Users\koontz312\Downloads\FRST.txt
2015-02-16 05:33 - 2015-02-16 05:36 - 00000000 ____D () C:\FRST
2015-02-16 05:28 - 2015-02-16 05:31 - 01125888 _____ (Farbar) C:\Users\koontz312\Downloads\FRST.exe
2015-02-16 05:28 - 2015-02-16 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-16 05:27 - 2015-02-16 05:32 - 02085888 _____ (Farbar) C:\Users\koontz312\Downloads\FRST64.exe
2015-02-16 05:21 - 2015-02-16 05:21 - 286049793 _____ () C:\Windows\MEMORY.DMP
2015-02-16 05:21 - 2015-02-16 05:21 - 00271872 _____ () C:\Windows\Minidump\021615-18314-01.dmp
2015-02-16 05:21 - 2015-02-16 05:21 - 00000000 ____D () C:\Windows\Minidump
2015-02-14 14:44 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\Users\koontz312\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\Users\koontz312\Desktop\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\Users\koontz312\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\Users\koontz312\Desktop\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\Users\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00000300 _____ () C:\Users\koontz312\Desktop\HELP_DECRYPT.URL
2015-02-14 07:10 - 2015-02-14 07:10 - 00000300 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-14 07:10 - 2015-02-14 07:10 - 00000300 _____ () C:\HELP_DECRYPT.URL
2015-02-14 07:03 - 2015-02-14 07:03 - 00008696 _____ () C:\Users\koontz312\Documents\HELP_DECRYPT.HTML
2015-02-14 07:03 - 2015-02-14 07:03 - 00008696 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-14 07:03 - 2015-02-14 07:03 - 00008696 _____ () C:\Users\koontz312\AppData\HELP_DECRYPT.HTML
2015-02-14 07:03 - 2015-02-14 07:03 - 00004288 _____ () C:\Users\koontz312\Documents\HELP_DECRYPT.TXT
2015-02-14 07:03 - 2015-02-14 07:03 - 00004288 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-14 07:03 - 2015-02-14 07:03 - 00004288 _____ () C:\Users\koontz312\AppData\HELP_DECRYPT.TXT
2015-02-14 07:02 - 2015-02-14 07:02 - 00008696 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 07:02 - 2015-02-14 07:02 - 00008696 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-14 07:02 - 2015-02-14 07:02 - 00004288 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.TXT
2015-02-14 07:02 - 2015-02-14 07:02 - 00004288 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-14 06:57 - 2015-02-14 07:05 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Local Store
2015-02-14 06:52 - 2015-02-14 06:54 - 00000153 _____ () C:\Users\koontz312\AppData\Local\svcxdcl32.dat
2015-02-14 06:52 - 2015-02-14 06:52 - 00262144 _____ () C:\Users\koontz312\AppData\Local\svcxdcl32.exe
2015-02-14 06:52 - 2015-02-14 06:52 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-02-14 06:51 - 2015-02-14 06:51 - 00000000 ____D () C:\ProgramData\HuyaTurz
2015-02-14 02:45 - 2015-02-14 02:45 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{1157C778-9BCF-48F7-A7B4-2F6D89970C33}
2015-02-13 09:33 - 2015-02-13 09:33 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{130DB71D-0984-469B-B706-26021A937DC2}
2015-02-13 02:36 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 02:36 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 02:36 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 02:36 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 21:49 - 2015-02-12 06:02 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-12 21:44 - 2015-02-12 21:44 - 00003008 _____ () C:\Windows\System32\Tasks\{BAC0BDCC-ECAF-4443-8E73-B378AA5CACBA}
2015-02-12 21:32 - 2015-02-12 21:33 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{30087121-6BDF-4095-A390-948F9E8E7CA0}
2015-02-12 21:23 - 2015-02-12 21:24 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{B56929D9-C0FB-4571-90A2-A31279213A82}
2015-02-12 21:19 - 2015-02-14 14:18 - 00012795 _____ () C:\sh4_service.log
2015-02-12 21:16 - 2015-02-12 06:50 - 00285747 _____ () C:\shldr
2015-02-12 21:16 - 2015-02-12 06:50 - 00008192 _____ () C:\shldr.mbr
2015-02-12 16:19 - 2015-02-14 09:10 - 00002365 _____ () C:\spyhunter.log
2015-02-12 09:07 - 2015-02-12 09:38 - 39739064 _____ (Microsoft Corporation) C:\Users\koontz312\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-12 09:07 - 2015-02-12 09:14 - 02238600 _____ (Microsoft Corporation) C:\Users\koontz312\Downloads\DefaultPack.EXE
2015-02-12 07:00 - 2015-02-12 07:00 - 00000000 _____ () C:\autoexec.bat
2015-02-12 06:59 - 2015-02-14 03:38 - 00001295 _____ () C:\Users\koontz312\Desktop\SpyHunter.lnk
2015-02-12 06:59 - 2015-02-12 21:49 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-12 06:59 - 2015-02-12 06:59 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Enigma Software Group
2015-02-12 06:52 - 2015-02-12 06:52 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{0FFEC12E-097E-47FC-8EF1-0CC8FE31E688}
2015-02-12 06:42 - 2015-02-12 06:50 - 00000000 ____D () C:\sh4ldr
2015-02-12 06:13 - 2015-02-12 06:13 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{107449EF-39B9-438F-924C-CB339A6A719A}
2015-02-12 05:57 - 2015-02-12 05:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-12 05:54 - 2015-02-12 21:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\koontz312\Downloads\SpyHunter-Installer.exe
2015-02-12 05:39 - 2015-02-12 05:39 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{DB223036-75EF-4A5D-A040-3314CF0D56F3}
2015-02-12 05:30 - 2015-02-12 05:31 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{5986F74F-44D8-4784-965C-F6DCBCB118CA}
2015-02-11 06:39 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 06:39 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 06:39 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 06:39 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 06:39 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 06:39 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 06:39 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 06:39 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 06:39 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 06:39 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 06:39 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 06:39 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 06:39 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 06:39 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 06:39 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 06:39 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 06:39 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 06:39 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 06:39 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 06:39 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 06:39 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 06:39 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 06:39 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 06:39 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 06:39 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 06:39 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 06:39 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 06:39 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 06:39 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 06:39 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 06:39 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 06:39 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 06:39 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 06:39 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 06:39 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 06:39 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 06:39 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 06:39 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 06:39 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 06:39 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 06:39 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 06:39 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 06:39 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 06:39 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 06:39 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 06:39 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 06:39 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 06:38 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 06:38 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 06:38 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 06:38 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 06:38 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 06:30 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 06:01 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 06:01 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 06:01 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 06:00 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 06:00 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 06:00 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 06:00 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 06:00 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 06:00 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 06:00 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 05:59 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 05:59 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 05:58 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 05:58 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 05:58 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 05:58 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 05:58 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 05:58 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 05:58 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 05:58 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 05:58 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 05:58 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 05:58 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 05:58 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 05:58 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 05:58 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 05:58 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 05:58 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 05:58 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 05:58 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 05:58 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 05:58 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 05:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 05:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 05:55 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 05:55 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 05:51 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 05:51 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 05:48 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-04 15:29 - 2015-02-14 07:10 - 00000300 _____ () C:\Users\koontz312\HELP_DECRYPT.URL
2015-02-04 15:29 - 2015-02-04 15:29 - 00000300 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-02-04 14:47 - 2015-02-14 07:03 - 00000300 _____ () C:\Users\koontz312\Documents\HELP_DECRYPT.URL
2015-02-04 14:47 - 2015-02-04 14:47 - 00000300 _____ () C:\Users\koontz312\Downloads\HELP_DECRYPT.URL
2015-02-04 14:46 - 2015-02-14 07:03 - 00000300 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.URL
2015-02-04 14:46 - 2015-02-14 07:03 - 00000300 _____ () C:\Users\koontz312\AppData\HELP_DECRYPT.URL
2015-02-04 14:45 - 2015-02-14 07:02 - 00000300 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.URL
2015-02-04 14:43 - 2015-02-14 07:02 - 00000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-01 10:00 - 2015-02-01 10:00 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{C84AA1DA-3AD5-4CE9-A922-85029BF9C19D}
2015-01-29 10:29 - 2015-01-29 22:30 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{7EE141B8-B6FD-4FB0-902D-1B89783BFC65}
2015-01-28 12:29 - 2015-01-28 12:30 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{B0AD0CAF-88F0-40E2-AA5A-4D2F7CD9073A}
2015-01-28 12:22 - 2015-02-14 02:45 - 00000000 ___RD () C:\Users\koontz312\Google Drive
2015-01-28 12:22 - 2015-01-28 12:22 - 00001707 _____ () C:\Users\koontz312\Desktop\Google Drive.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00002004 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00002002 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00001992 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 10:30 - 2015-02-14 18:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 10:30 - 2015-02-14 02:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 10:30 - 2015-02-05 05:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-28 10:30 - 2015-02-05 05:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-28 10:30 - 2015-01-29 09:58 - 06000640 _____ () C:\Program Files (x86)\GUT1234.tmp
2015-01-28 10:30 - 2015-01-28 10:30 - 00000000 ____D () C:\Program Files (x86)\GUM1233.tmp
2015-01-28 10:29 - 2015-01-28 10:29 - 00880784 _____ (Google Inc.) C:\Users\koontz312\Downloads\googledrivesync.exe
2015-01-27 10:11 - 2015-01-27 10:11 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{4C3BEEA9-7F7A-4030-9DF6-86C4C58DB91C}
2015-01-27 09:09 - 2015-01-27 09:09 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{C70F7C35-126F-4353-99C5-9FCD1F26960F}
2015-01-26 14:37 - 2015-01-26 14:37 - 00000000 ____D () C:\ProgramData\3ac76aec00007e86
2015-01-26 14:29 - 2015-01-26 14:33 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\.minecraft
2015-01-26 14:28 - 2015-02-13 22:25 - 00000000 ____D () C:\Users\koontz312\Documents\Super Optimizer
2015-01-26 14:27 - 2015-01-26 14:27 - 00020672 _____ () C:\Users\koontz312\AppData\Roaming\ICSW_0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1BtJ1V0G1P1P1J0B2Y1Q1Q2U.txt
2015-01-26 14:21 - 2015-01-26 14:21 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1B
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{87C5BB8A-B60A-42AA-94CF-1F90F387F591}
2015-01-25 09:56 - 2015-01-25 14:00 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\CVS
2015-01-25 09:53 - 2015-01-25 09:54 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{D0EDA1F3-4549-41BA-B381-A8A77A91A00D}
2015-01-23 13:37 - 2015-01-23 13:37 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{24767574-4A51-4E2D-BECD-EC39651F108A}
2015-01-22 06:19 - 2015-01-22 06:19 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{943105AF-747F-4A85-8270-DC866589AE10}
2015-01-21 19:30 - 2015-01-21 19:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-21 19:29 - 2015-02-14 02:37 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-21 00:35 - 2015-01-21 12:37 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{62CD8214-C012-422A-A8EE-A0FA65B06492}
2015-01-20 12:34 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{E3F6F9AE-D7CB-4F0C-8115-F026F5FCD7C4}
2015-01-20 00:29 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{D40E9F6D-4F63-42E3-A366-C8C98AE72DEC}
2015-01-20 00:29 - 2015-01-20 00:29 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{CF32E2AA-4CB0-4D38-9A9C-7D554BDCFF09}
2015-01-20 00:27 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{B30A92A8-2574-4374-AA62-59FC01269BE6}
2015-01-18 10:57 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{D8C00C98-2EB1-4C3B-8803-2E26BBB7E795}
2015-01-17 19:05 - 2015-01-17 19:05 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{337BDF00-762D-4047-9453-E7A5B002B062}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 05:21 - 2011-05-04 11:53 - 00154706 _____ () C:\Windows\PFRO.log
2015-02-14 14:44 - 2011-05-04 10:17 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-14 14:23 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 14:23 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 14:12 - 2011-05-04 10:09 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-14 14:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 14:10 - 2009-07-13 23:51 - 00082900 _____ () C:\Windows\setupact.log
2015-02-14 07:22 - 2011-11-08 19:35 - 00071168 ___SH () C:\Users\koontz312\Desktop\Thumbs.db
2015-02-14 07:10 - 2011-08-23 07:49 - 00000000 ____D () C:\Users\koontz312\Tracing
2015-02-14 07:10 - 2011-05-10 14:02 - 00000000 ____D () C:\Users\koontz312
2015-02-14 07:03 - 2011-09-28 20:03 - 00000000 ____D () C:\Users\koontz312\Documents\My Games
2015-02-14 07:02 - 2011-06-26 23:42 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Google
2015-02-14 07:02 - 2011-05-10 18:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-14 07:02 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Adobe
2015-02-14 07:02 - 2011-05-04 10:21 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-14 07:01 - 2011-05-04 10:21 - 00000000 ____D () C:\ProgramData\PhotoShow Shared Assets
2015-02-14 07:00 - 2011-05-04 10:17 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 06:58 - 2014-07-28 12:30 - 00000000 ____D () C:\ProgramData\Logitech
2015-02-14 06:58 - 2014-07-28 12:29 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-02-14 06:58 - 2011-05-10 16:53 - 00000000 ____D () C:\ProgramData\HP
2015-02-14 06:58 - 2011-05-04 10:20 - 00000000 ____D () C:\ProgramData\Macrovision
2015-02-14 06:57 - 2014-08-08 14:34 - 00000000 ____D () C:\Papyrus
2015-02-14 06:57 - 2011-05-04 12:25 - 00000000 ____D () C:\dell
2015-02-14 03:06 - 2009-07-14 00:10 - 01533567 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 02:43 - 2011-05-04 10:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-14 02:43 - 2011-05-04 10:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-13 22:26 - 2011-05-23 20:36 - 00000000 ____D () C:\Users\koontz312\Documents\My Scans
2015-02-13 22:25 - 2011-09-20 16:38 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Playrix Entertainment
2015-02-13 22:25 - 2011-09-13 16:50 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Skype
2015-02-13 22:25 - 2011-07-21 11:37 - 00000000 ____D () C:\Users\koontz312\Documents\CrystalCaveClassic
2015-02-13 22:25 - 2011-07-19 08:57 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\runic games
2015-02-13 22:25 - 2011-07-16 17:53 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\PlayFirst
2015-02-13 22:25 - 2011-06-15 17:41 - 00000000 ____D () C:\Users\koontz312\Documents\LDW
2015-02-13 22:25 - 2011-05-31 23:40 - 00000000 ____D () C:\Users\koontz312\Documents\Ankh - The Lost Treasures
2015-02-13 22:24 - 2011-09-22 16:04 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Jewel Match 3
2015-02-13 22:24 - 2011-09-08 16:53 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\KidZui
2015-02-13 22:24 - 2011-07-04 20:51 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\dingogames
2015-02-13 22:24 - 2011-05-10 17:04 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\HP
2015-02-13 22:24 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Macromedia
2015-02-13 22:24 - 2011-05-10 14:07 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Dell Touch Zone
2015-02-13 22:24 - 2011-05-10 14:07 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Dell
2015-02-13 22:22 - 2011-05-25 18:18 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Wild Tangent
2015-02-13 21:13 - 2014-09-06 10:47 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Skype
2015-02-13 21:13 - 2011-05-18 14:41 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Microsoft Games
2015-02-13 21:00 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Dell
2015-02-13 21:00 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Local\ArcSoft
2015-02-13 20:38 - 2011-05-04 10:06 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-13 20:37 - 2011-05-24 12:18 - 00000000 ____D () C:\ProgramData\Wild Tangent
2015-02-13 20:37 - 2011-05-04 10:10 - 00000000 ____D () C:\ProgramData\Skype
2015-02-13 20:36 - 2011-09-20 16:44 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-13 20:36 - 2011-05-26 10:17 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-02-13 20:21 - 2011-08-14 20:47 - 00000000 ____D () C:\ProgramData\AWEM
2015-02-13 20:21 - 2011-07-05 19:29 - 00000000 ____D () C:\ProgramData\GameHouse
2015-02-13 20:21 - 2011-05-04 10:12 - 00000000 ____D () C:\ProgramData\Dell
2015-02-13 04:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 04:00 - 2011-05-04 10:17 - 00000000 ____D () C:\Program Files\mcafee
2015-02-13 04:00 - 2011-05-04 10:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-12 21:16 - 2011-06-10 12:06 - 00000000 ____D () C:\Program Files (x86)\SelectRebates
2015-02-12 03:47 - 2009-07-13 23:45 - 00321280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:44 - 2014-12-11 03:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:44 - 2014-07-16 03:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:43 - 2011-05-14 18:54 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\SoftGrid Client
2015-02-12 03:21 - 2014-07-15 02:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 09:59 - 2011-05-24 04:49 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-02-05 14:42 - 2011-05-24 04:50 - 00002390 ____N () C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
2015-02-05 14:42 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 17:49 - 2011-05-19 05:56 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 11:37 - 2011-07-03 17:00 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-27 09:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-27 09:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-27 09:21 - 2011-05-14 18:59 - 00000000 __RHD () C:\MSOCache
2015-01-20 21:10 - 2011-08-28 10:46 - 00000000 ____D () C:\Users\koontz312\Documents\Drive Green
2015-01-18 15:51 - 2011-08-08 12:56 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Windows Live
2015-01-18 11:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-01-28 10:30 - 2015-01-29 09:58 - 6000640 _____ () C:\Program Files (x86)\GUT1234.tmp
2010-07-23 06:53 - 2010-07-23 06:53 - 0208720 _____ (Microsoft Corporation) C:\Users\koontz312\AppData\Roaming\BtvStack.dll
2015-02-14 07:03 - 2015-02-14 07:03 - 0008696 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-04 14:46 - 2015-02-14 07:03 - 0045917 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-14 07:03 - 2015-02-14 07:03 - 0004288 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-04 14:46 - 2015-02-14 07:03 - 0000300 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.URL
2015-01-26 14:27 - 2015-01-26 14:27 - 0020672 _____ () C:\Users\koontz312\AppData\Roaming\ICSW_0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1BtJ1V0G1P1P1J0B2Y1Q1Q2U.txt
2015-02-14 07:02 - 2015-02-14 07:02 - 0008696 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.HTML
2015-02-04 14:45 - 2015-02-14 07:02 - 0045917 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.PNG
2015-02-14 07:02 - 2015-02-14 07:02 - 0004288 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.TXT
2015-02-04 14:45 - 2015-02-14 07:02 - 0000300 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.URL
2015-02-14 06:52 - 2015-02-14 06:54 - 0000153 _____ () C:\Users\koontz312\AppData\Local\svcxdcl32.dat
2015-02-14 06:52 - 2015-02-14 06:52 - 0262144 _____ () C:\Users\koontz312\AppData\Local\svcxdcl32.exe
2011-09-13 16:52 - 2011-09-13 16:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-14 07:02 - 2015-02-14 07:02 - 0008696 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-04 14:43 - 2015-02-14 07:02 - 0045917 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-14 07:02 - 2015-02-14 07:02 - 0004288 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-04 14:43 - 2015-02-14 07:02 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2011-05-10 16:54 - 2015-01-05 13:48 - 0001810 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 04:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by koontz312 at 2015-02-16 05:37:03
Running from C:\Users\koontz312\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
18 Wheels of Steel Extreme Trucker (x32 Version: 2.2.0.95 - WildTangent) Hidden
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Age of Castles (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ankh - The Lost Treasures (x32 Version: 2.2.0.97 - WildTangent) Hidden
Astro Avenger (x32 Version: 2.2.0.95 - WildTangent) Hidden
Astro Avenger 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Banana Bugs ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build It - Miami Beach Resort (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot: On Vacation (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bus Driver (x32 Version: 2.2.0.95 - WildTangent) Hidden
C771 USB Driver V1.0.11.0 (HKLM-x32\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Chloe's Dream Resort (x32 Version: 2.2.0.98 - WildTangent) Hidden
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Crazy Chicken: Heart of Tibet (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crystal Cave Classic (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Maze (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deer Drive (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{89263C19-557E-4D23-AAD7-113F6175DFC1}) (Version: 1.5.402.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.1 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.66 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Direct Show Ogg Vorbis Filter (remove only) (HKLM-x32\...\OggDS) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora Saves the Crystal Kingdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Ballet Adventures (x32 Version: 2.2.0.98 - WildTangent) Hidden
Eighteen Wheels of Steel Haulin' (x32 Version: 2.2.0.95 - WildTangent) Hidden
Eighteen Wheels of Steel: Extreme Trucker 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fairy Tales: Four Seasons Stories (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.2.0.0 - GIANTS Software)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feeding Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Feeding Frenzy 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom ™ 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut (x32 Version: 2.2.0.98 - WildTangent) Hidden
Gear Grinder (x32 Version: 2.2.0.95 - WildTangent) Hidden
GO Diego GO! Dinosaur Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hazen ® (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotel Dash 2: Lost Luxuries (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Jessicas Cupcake Cafe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Mysteries 2 Trail of the Midnight Heart (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\{377C9E1B-28E9-40C3-836C-85F8E839D4E6}) (Version: 1.00.0000 - Valusoft)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kidzui (HKLM-x32\...\Kidzui) (Version:  - )
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.0.623 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Military Life: Tank Simulator (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenGL Extensions Viewer 3.0 (HKLM-x32\...\GLVIEW3) (Version: 408 - )
Peggle Nights (x32 Version: 2.2.0.97 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari Island (x32 Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpongeBob Atlantis SquareOff (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpongeBob Diner Dash 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpongeBob: Clash of Triton (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Star Defender 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Star Defender 4 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Star Defender III (x32 Version: 2.2.0.97 - WildTangent) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tasty Planet: Back for Seconds (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Secret of Hildegards (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Universal Media Player (HKLM-x32\...\Universal Media Player) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Goo (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2261786481-891652113-2891113778-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2261786481-891652113-2891113778-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\crypt32.dll No File

==================== Restore Points  =========================

11-02-2015 05:48:36 Windows Update
12-02-2015 03:00:16 Windows Update
13-02-2015 03:00:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-14 06:52 - 00001512 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
162.247.13.86 www.google-analytics.com.
162.247.13.86 google-analytics.com.
162.247.13.86 connect.facebook.net.
89.163.213.174 www.google-analytics.com.
89.163.213.174 google-analytics.com.
89.163.213.174 connect.facebook.net.
89.163.213.141 www.google-analytics.com.
89.163.213.141 google-analytics.com.
89.163.213.141 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032ABC2A-78A3-42A0-B28D-5B04B11137B6} - System32\Tasks\{EFCCEBCE-553B-4077-B3F2-F1BADF419222} => pcalua.exe -a "C:\Users\koontz312\AppData\Local\Temp\Temp1_WTR54GS+SetupWizard205.zip\WTR54GS SetupWizard205\Setup.exe"
Task: {035CEC9A-828B-451F-8D9E-6DA71FB53633} - System32\Tasks\{7E26878F-D647-4C35-ABA6-3A2331342712} => D:\SETUP.EXE
Task: {0496E524-7F4B-4C54-B485-4E7ABA840454} - System32\Tasks\{B530C7A9-B838-4963-943B-C53141ED9EAB} => D:\PLAY.EXE
Task: {054008D5-8000-45A3-B1C7-D4CD69FD94D6} - System32\Tasks\{03C7990A-2C53-413F-B139-9D33B06F24EB} => D:\PLAY.EXE
Task: {0610E6B2-A093-41A2-B775-893BCA8ED336} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: {08D406C0-254F-4E2D-A1C4-31E0A2E07147} - System32\Tasks\{BAC0BDCC-ECAF-4443-8E73-B378AA5CACBA} => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-12] (Enigma Software Group USA, LLC.)
Task: {0CE222A8-727D-41A5-AF65-F73ED0515967} - System32\Tasks\{0FFE9ACD-223A-4863-ACB7-593B6953E86E} => D:\SETUP.EXE
Task: {0F797FAE-B5D5-4EE0-9742-83824FD3EC3D} - System32\Tasks\{63320AAB-EE47-4A9E-B825-856559648214} => D:\PLAY.EXE
Task: {116774EA-7860-47B9-BE2C-B87A1C49B222} - System32\Tasks\{710C6340-A00B-45FC-B27D-F5FF4C9EEC32} => D:\PLAY.EXE
Task: {120C2864-5890-46FE-A00F-3B8CBFAFF6DA} - System32\Tasks\{F4B9CCCF-4DD9-4F76-8697-DC0830E05E80} => D:\PLAY.EXE
Task: {190B3239-F019-4A77-9D62-1B2DD3B960FE} - System32\Tasks\{221949D2-277F-40D4-B75F-DCCC5173628C} => D:\PLAY.EXE
Task: {1A71CB86-88A8-456F-95E0-931E715339E8} - System32\Tasks\{68179BEC-4BB4-45ED-8DF0-697460D8677D} => D:\PLAY.EXE
Task: {1DC80D97-0C74-430E-AF97-DC658167D0B9} - System32\Tasks\{D8746C18-E38F-4FD5-B333-E441305EE9C3} => D:\PLAY.EXE
Task: {1DE6DE55-48CD-4F83-A523-C29CBAE6FED0} - System32\Tasks\{4DBBD6DA-459B-498E-A636-6E74695FA267} => D:\PLAY.EXE
Task: {202F97BE-95A8-4A1D-9511-EEFC5AD270EB} - System32\Tasks\{481D0925-D8DF-4AA4-BBA9-D05D84FC12BE} => D:\PLAY.EXE
Task: {24AC1690-4AE6-4DD4-BA7C-7E032D8FF976} - System32\Tasks\{1A97E8C2-8EA8-4D86-8884-EF70F2BC31B3} => D:\PLAY.EXE
Task: {2A9D0957-D9A8-4365-9B2A-40D76EB03B7D} - System32\Tasks\{23B7A457-B591-4F02-AE9E-D6F9E5FDE918} => D:\PLAY.EXE
Task: {2AC42323-1BA3-4F17-9E19-071ABF8C52F7} - System32\Tasks\{077EBB21-B817-47D5-8AF8-7DCA13941648} => D:\SETUP.EXE
Task: {331B8AAA-F481-4AA2-BA60-6A76DEF17675} - System32\Tasks\{DA6914BC-5A34-4920-B4E7-E75E682B1D09} => D:\PLAY.EXE
Task: {33EFCEC7-4674-44DD-B01B-1A928A8B34D1} - System32\Tasks\{6F5F48B7-97A4-4734-87F6-2DF43D6C86B0} => D:\PLAY.EXE
Task: {382888D2-D67B-4E18-BCBD-B3815F595304} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: {3883BEA6-D400-4E70-9DF1-47023DF7BFD3} - System32\Tasks\{27C4D78E-0B7E-4044-AC16-EAE018D7B691} => D:\PLAY.EXE
Task: {39EA9207-A61C-46E3-8BCA-F1210C1C1E33} - System32\Tasks\{01357D0E-A0D9-4D85-A39B-A50D9E4F5F47} => D:\PLAY.EXE
Task: {3AADDE68-C2A7-4197-BDC2-5499566C939A} - System32\Tasks\{9CC7325F-F363-4174-BEBD-C99B00A45E54} => D:\PLAY.EXE
Task: {3D06706C-D588-4B60-827E-2B72EB79CF28} - System32\Tasks\{85A40B8F-A861-48D6-AE4C-7A1E64301FAF} => D:\SETUP.EXE
Task: {4007B9F7-298B-46B8-8143-EEE98A00BF58} - System32\Tasks\{89C64117-EC4A-4EBC-A87B-19ACD5AA0D8B} => D:\PLAY.EXE
Task: {46C5F7AA-752D-4EB2-830E-CF7DE3A60EE8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {513C1777-BB18-4A79-BF55-690B32D34A63} - System32\Tasks\{428FB584-3D9A-47BA-BCF4-0AD1171D00C2} => D:\PLAY.EXE
Task: {59FF3FBA-C8BD-41FA-A5B5-3D827C2BA319} - System32\Tasks\{8CDE2DD5-840E-4136-BFC6-13EC94351D75} => D:\PLAY.EXE
Task: {5A174CA3-A3B0-4F88-8885-40BAC7CC7959} - System32\Tasks\{83418A0B-1623-46CA-9452-8E4E0B142D0E} => D:\PLAY.EXE
Task: {629B7A85-4E61-4FF4-A18B-C43A5C3C9BFD} - System32\Tasks\{2FBE1B6B-1577-4643-99A0-8B8B2D28BFBC} => D:\PLAY.EXE
Task: {62EE6E5D-93B1-47B2-8BDF-19A444F5DF6B} - System32\Tasks\{2E2C6191-5B49-4ABC-9D8B-ABA8918F2E15} => D:\PLAY.EXE
Task: {6A126DAA-ACFF-4A0D-969E-31748B3171CA} - System32\Tasks\{12F67183-2059-4167-A08E-2C07794474F7} => D:\PLAY.EXE
Task: {6B9E3A96-26A0-4B7F-9D72-C3304A2AE1C5} - System32\Tasks\{EF7D23A6-701C-41A2-807D-60E8437CF475} => D:\PLAY.EXE
Task: {6C7AFCE8-B469-4513-8252-1B0142595170} - System32\Tasks\{D9B36876-39CD-48C8-A8B8-96B810D1AF2D} => D:\PLAY.EXE
Task: {71F27D92-CA6E-4E05-9B93-573188EBBC4F} - System32\Tasks\{3D566455-241C-40EA-812D-11123BD2F7D8} => D:\PLAY.EXE
Task: {752193D5-80D1-47A4-858F-538FDC78671F} - System32\Tasks\{434E61B3-C19A-49E2-93F8-63C4C70FD952} => D:\PLAY.EXE
Task: {75F4EAA7-422F-4FC1-BFA5-0E3E9FA5DA34} - System32\Tasks\{F6E073BC-CBD8-4416-8393-C718E5A2B0F7} => D:\PLAY.EXE
Task: {76B54CC7-68BC-4580-8441-483FCCD70951} - System32\Tasks\{B5DE9C90-3A77-488C-A4F3-1C86D187BC88} => D:\PLAY.EXE
Task: {76F26494-9DA6-4B78-B9DA-0731B874CB19} - System32\Tasks\{A4A8136F-8F33-42AF-B750-4C0BEEE6DAE9} => D:\PLAY.EXE
Task: {7944EE7C-DA53-40F8-A20E-763308F30207} - System32\Tasks\{8B3F3219-B3E9-4CDE-8E6D-FFF587D737BB} => D:\PLAY.EXE
Task: {79BA4057-5454-4006-96A7-5AB70260D303} - System32\Tasks\{8B9849F1-4718-47B5-8D55-ECFA5724707B} => D:\PLAY.EXE
Task: {7C4EAF6E-C7BF-4279-8351-0111CA79D401} - System32\Tasks\{0B44C09A-006F-49DD-9508-07B1836EFC93} => D:\PLAY.EXE
Task: {8007FB56-003E-4301-9873-305C4D86654B} - System32\Tasks\{9A63F99D-FEE8-4606-AFD3-DBD1337EFD8E} => D:\PLAY.EXE
Task: {8B2ACBE5-3730-4E41-8BA3-65D78F26D3E0} - System32\Tasks\{01D8A19D-287A-4F55-986A-FC14DFAD3C89} => D:\PLAY.EXE
Task: {8D74806B-2F9E-4631-AF4A-9F1D08A1E19C} - System32\Tasks\{C2BBB845-69B5-4DB0-9E70-82FE1C8B730B} => D:\PLAY.EXE
Task: {8E881110-1FC6-4A70-B7F7-AEB98A081D12} - System32\Tasks\{3E0AECFE-2F39-4159-96DE-33571D4621F3} => D:\PLAY.EXE
Task: {8F58C1B9-1E15-4B5B-8CB9-0C6315783950} - System32\Tasks\{6FD47C62-207F-4B51-A3E4-9AB4E0398A8B} => D:\PLAY.EXE
Task: {97D02046-052E-4128-82F3-8DEDA1BF623C} - System32\Tasks\{B08E7601-1935-4787-BCBB-71DB05064C5F} => D:\PLAY.EXE
Task: {9A466275-734B-4E12-9100-B2789ED89530} - System32\Tasks\{B86C67AC-C2F5-4EB5-B5E3-205CB0FB7034} => D:\PLAY.EXE
Task: {9C78F1F8-39B4-4D25-A63A-A25DB631DFA6} - System32\Tasks\{F4D202BD-C205-44F2-8A67-FD4B28F0C762} => D:\PLAY.EXE
Task: {9E259ADB-7285-4562-8D5C-C420C104E6C1} - System32\Tasks\{12AB994D-F36C-45B7-81D3-EB03AB86AF22} => D:\PLAY.EXE
Task: {A1583EBC-28BE-4E39-BC34-4CA089A01E03} - System32\Tasks\{C9BCC896-C067-4B81-AEF9-A4483330A5AE} => D:\PLAY.EXE
Task: {A2D04C55-7459-4CC4-B1AF-0BD781BAED65} - System32\Tasks\{87AE3027-BF25-47D0-8296-372C4A9DC147} => D:\PLAY.EXE
Task: {A4FFE83E-0254-4E64-8535-65070BC3D081} - System32\Tasks\{DE42339C-6F76-4923-B6F5-722678C427AD} => D:\PLAY.EXE
Task: {A5677E9B-E9BE-49D8-8640-A6E730EFCA84} - System32\Tasks\{CC88314B-A6FD-4FDC-B9A6-CC2D4E62139E} => D:\PLAY.EXE
Task: {ACC92F42-D219-4386-8A27-541944DB9FC7} - System32\Tasks\{65E812BB-117A-48A1-AF21-0F5D19CA0134} => D:\PLAY.EXE
Task: {B0089BAF-47AA-4218-B80D-D9253D52B357} - System32\Tasks\{42E8A854-D00A-4936-AD1C-AFCC0822FF2D} => D:\PLAY.EXE
Task: {B09E2141-427F-4340-B8D5-F66625519277} - System32\Tasks\{737629B4-9577-460A-B3CB-6F0A820CB3C3} => D:\PLAY.EXE
Task: {B811A906-446F-4A11-9ED5-B630A9F25D38} - System32\Tasks\{7B02C9E0-A1CC-4B2C-A1D2-C689C0D3E536} => D:\PLAY.EXE
Task: {C1E8875E-6578-4EC9-AF21-7BF373655A5B} - System32\Tasks\{1272E72B-85A7-4A0F-89DC-FA533B428738} => D:\PLAY.EXE
Task: {C28DB850-2F6B-4F81-AAA6-33CA9274566D} - System32\Tasks\{A0741416-AA8B-40DE-A7AA-347E4D1A241A} => D:\SETUP.EXE
Task: {C3FFEB53-53A8-4B51-A4D5-ABFEE170D5DE} - System32\Tasks\{AE46223E-A5FF-4520-B1A7-7048B75AEB0C} => D:\PLAY.EXE
Task: {C8A052C5-8BB5-413D-8D89-B0F0CB5892EC} - System32\Tasks\{7149225B-A3C2-47D7-8318-81F782828CBD} => D:\PLAY.EXE
Task: {CA095452-4F42-4221-8BEF-369E163F2750} - System32\Tasks\{FCD6B9AD-14CB-43DF-A769-43715685C0F4} => D:\SETUP.EXE
Task: {CDBEF630-14C5-4BD9-AFFD-72554963A184} - System32\Tasks\{E11B19C2-4AC0-4B7C-9147-C5785A05682D} => D:\SETUP.EXE
Task: {D5AECC69-1177-411E-9C26-28D01B0FE8E9} - System32\Tasks\{92B28852-F0DE-4F54-A10C-DB72BD3145DD} => D:\PLAY.EXE
Task: {D6027CA7-4539-4D9B-AA72-B4D56E3D0571} - System32\Tasks\{97FD0D9F-8036-41DD-98A2-118FDFDEC78B} => D:\PLAY.EXE
Task: {DCAA4ED0-E86D-4730-9C7E-896D1B660742} - System32\Tasks\{5C59947C-71F1-4C12-8F66-0285D90B16A3} => D:\PLAY.EXE
Task: {DD13D9A5-A420-48F0-906D-23B632CBED3B} - System32\Tasks\{71C636C5-8295-4AA2-9286-279D04B63ED3} => D:\PLAY.EXE
Task: {DE90CADC-913A-43B9-9EDD-6EFF6FD29C49} - System32\Tasks\{1FD2763B-36A2-43CC-86DA-0B3F015BAFB1} => D:\PLAY.EXE
Task: {DF4F6BA0-095F-4CC9-9DB7-8B5C27AA19D7} - System32\Tasks\{E69D4850-6BA8-499B-BF8A-8D1A24A46F6B} => D:\PLAY.EXE
Task: {DFAAD814-F6F1-4C46-AC37-CB638885D9DA} - System32\Tasks\{914EDCD4-3D03-4067-8400-581FEA6DFEC0} => D:\PLAY.EXE
Task: {E4298E2B-9AC2-4A4B-8663-BA3C827ED2A5} - System32\Tasks\{918EFEDA-2773-491D-A8EB-1EC360B5B537} => D:\PLAY.EXE
Task: {ED744072-F68C-4F42-BFA8-21B111680138} - System32\Tasks\{F3C6CC28-0CB1-4FFE-9B0C-E702C400D817} => D:\PLAY.EXE
Task: {EF483CED-97CB-426C-A367-E7295EE0A434} - System32\Tasks\{BE5E263D-5641-41E1-B255-A09F6050D44D} => D:\PLAY.EXE
Task: {EF9F4370-D9A9-4AD9-87BE-0B356C5CF4BC} - System32\Tasks\{BE26141D-CE7A-4561-8E9A-33646E420218} => D:\PLAY.EXE
Task: {F40C3CBB-8ECD-48DC-8E67-E1D487379FBC} - System32\Tasks\{79C2DDC2-DED8-44FE-85F4-EFADB1CA662C} => D:\PLAY.EXE
Task: {F8621C0E-0791-4504-9B8B-7BD5C46367CD} - System32\Tasks\{22C66222-102E-4E19-B6C5-0ACC8F7CBC3C} => D:\PLAY.EXE
Task: {FB376F14-AAA9-486F-8DE4-C4975C87F9EE} - System32\Tasks\{D64AAB9D-B750-44B2-AB3A-23FB5A1ECAD6} => D:\PLAY.EXE
Task: {FF561D3C-ECB7-48FD-B419-9FEC4501D5B5} - System32\Tasks\{B9706EFB-53C2-4F03-9663-E66AFBB6DF2E} => D:\PLAY.EXE
Task: {FFC42BD7-0321-423B-A62E-8440B99FE42B} - System32\Tasks\{BAF75972-929D-4A1F-BD64-F986DCA4E599} => D:\PLAY.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2261786481-891652113-2891113778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\koontz312\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2261786481-891652113-2891113778-500 - Administrator - Disabled)
Guest (S-1-5-21-2261786481-891652113-2891113778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261786481-891652113-2891113778-1002 - Limited - Enabled)
koontz312 (S-1-5-21-2261786481-891652113-2891113778-1001 - Administrator - Enabled) => C:\Users\koontz312

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 02:25:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (02/14/2015 06:50:57 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Error: (02/14/2015 03:38:50 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (02/14/2015 03:04:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: stage_primary.exe, version: 1.5.420.0, time stamp: 0x4de2c860
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0xe98
Faulting application start time: 0xstage_primary.exe0
Faulting application path: stage_primary.exe1
Faulting module path: stage_primary.exe2
Report Id: stage_primary.exe3

Error: (02/14/2015 02:53:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogitechUpdate.exe, version: 2.10.38.0, time stamp: 0x4be9d566
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x17ec
Faulting application start time: 0xLogitechUpdate.exe0
Faulting application path: LogitechUpdate.exe1
Faulting module path: LogitechUpdate.exe2
Report Id: LogitechUpdate.exe3

Error: (02/13/2015 04:37:36 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (02/13/2015 03:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogitechUpdate.exe, version: 2.10.38.0, time stamp: 0x4be9d566
Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bda75
Exception code: 0xc0000005
Fault offset: 0x728e2505
Faulting process id: 0x1498
Faulting application start time: 0xLogitechUpdate.exe0
Faulting application path: LogitechUpdate.exe1
Faulting module path: LogitechUpdate.exe2
Report Id: LogitechUpdate.exe3

Error: (02/13/2015 03:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: stage_primary.exe, version: 1.5.420.0, time stamp: 0x4de2c860
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x7a0
Faulting application start time: 0xstage_primary.exe0
Faulting application path: stage_primary.exe1
Faulting module path: stage_primary.exe2
Report Id: stage_primary.exe3

Error: (02/13/2015 02:29:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17631, time stamp: 0x4ce7a46b
Faulting module name: MSHTML.dll, version: 11.0.9600.17631, time stamp: 0x54b33039
Exception code: 0xc00000fd
Fault offset: 0x000934e6
Faulting process id: 0x271c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (02/13/2015 06:41:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StageRemote.exe, version: 2.0.0.50, time stamp: 0x4e3fb38b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00440185
Faulting process id: 0xfb8
Faulting application start time: 0xStageRemote.exe0
Faulting application path: StageRemote.exe1
Faulting module path: StageRemote.exe2
Report Id: StageRemote.exe3

System errors:
=============
Error: (02/16/2015 05:36:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (02/14/2015 02:25:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (02/14/2015 06:50:57 AM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x8007043c, This service cannot be started in Safe Mode

Error: (02/14/2015 03:38:50 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (02/14/2015 03:04:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: stage_primary.exe1.5.420.04de2c860MSVCR90.dll9.0.30729.61614dace5b9400000150005beaee9801d04829f3b9e722C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll1d8e8759-b420-11e4-b352-b8ac6fe4fe28

Error: (02/14/2015 02:53:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogitechUpdate.exe2.10.38.04be9d566ole32.dll6.1.7601.175144ce7b96fc00000050003934217ec01d0482a56b2ee72C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exeC:\Windows\syswow64\ole32.dll8d3bdc43-b41e-11e4-b352-b8ac6fe4fe28

Error: (02/13/2015 04:37:36 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (02/13/2015 03:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogitechUpdate.exe2.10.38.04be9d566netprofm.dll_unloaded0.0.0.04a5bda75c0000005728e2505149801d047cb9658bcbaC:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exenetprofm.dll4c94df62-b3c1-11e4-aa53-b8ac6fe4fe28

Error: (02/13/2015 03:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: stage_primary.exe1.5.420.04de2c860MSVCR90.dll9.0.30729.61614dace5b9400000150005beae7a001d047cb4b55154bC:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll9ca71948-b3be-11e4-aa53-b8ac6fe4fe28

Error: (02/13/2015 02:29:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.176314ce7a46bMSHTML.dll11.0.9600.1763154b33039c00000fd000934e6271c01d047c3319782c8C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll968efa7a-b3b6-11e4-a64f-b8ac6fe4fe28

Error: (02/13/2015 06:41:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: StageRemote.exe2.0.0.504e3fb38bunknown0.0.0.000000000c000000500440185fb801d04775005c782bC:\Program Files (x86)\Dell\Stage Remote\StageRemote.exeunknown3929a0e4-b375-11e4-a64f-b8ac6fe4fe28

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 4060.98 MB
Available physical RAM: 2942.43 MB
Total Pagefile: 8120.16 MB
Available Pagefile: 7001.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:356.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F6342AC7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 SEREDMAN

Topic Starter

Posted 16 February 2015 - 10:04 AM

And there were 2 TDSS files so I attached both.

Attached File: TDSSKiller.3.0.0.44_16.02.2015_05.43.17_log.txt (4.08KB)
Attached File: TDSSKiller.3.0.0.44_16.02.2015_05.44.36_log.txt (214.19KB)



#7 LiquidTension

Malware Response Team

Posted 17 February 2015 - 03:57 AM

Hi Sarah, 
 
Please do the following. 
We'll move on to attempting file recovery once your machine appears clean.

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [HuyaTurz] => regsvr32.exe "C:\ProgramData\HuyaTurz\PaxeGhacp.tgx"
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [Svc2dll] => C:\Users\koontz312\AppData\Local\svcxdcl32.exe [262144 2015-02-14] ()
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: E - E:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: J - J:\VZW_Software_upgrade_assistant_installer.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {4bb6fa7a-9f23-11e4-ab8c-b8ac6fe4fe28} - E:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {68a76675-2385-11e4-bb3b-b8ac6fe4fe28} - J:\VZW_Software_upgrade_assistant_installer.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a0b576e8-8cbd-11e4-aba0-b8ac6fe4fe28} - J:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a722b6e3-dcdd-11e0-9bdf-b8ac6fe4fe28} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a8f16262-413b-11e4-9e8e-b8ac6fe4fe28} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\TL-Bootstrap.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\MountPoints2: {a8f16266-413b-11e4-9e8e-b8ac6fe4fe28} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
    HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    SearchScopes: HKU\S-1-5-21-2261786481-891652113-2891113778-1001 -> {76BEEE84-BEE2-4526-95C9-FEE98140EDF6} URL = http://search.genieo.com/results.html?v=w3i20&wtag=W3i_IA,206,0_01,DefaultSearch,20141148,19841,IE11,0,6944&q={searchTerms}
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    Toolbar: HKU\S-1-5-21-2261786481-891652113-2891113778-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
    CHR HKLM-x32\...\Chrome\Extension: [aifbkdoebpbcaddcjobobbanaokiepnb] - No Path
    S3 mfehidk01; \Device\mfehidk01.sys [X]
    2015-02-14 06:52 - 2015-02-14 06:54 - 00000153 _____ () C:\Users\koontz312\AppData\Local\svcxdcl32.dat
    2015-02-14 06:52 - 2015-02-14 06:52 - 00262144 _____ () C:\Users\koontz312\AppData\Local\svcxdcl32.exe
    2015-02-14 06:51 - 2015-02-14 06:51 - 00000000 ____D () C:\ProgramData\HuyaTurz
    2015-02-14 02:45 - 2015-02-14 02:45 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{1157C778-9BCF-48F7-A7B4-2F6D89970C33}
    2015-02-13 09:33 - 2015-02-13 09:33 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{130DB71D-0984-469B-B706-26021A937DC2}
    2015-02-12 21:32 - 2015-02-12 21:33 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{30087121-6BDF-4095-A390-948F9E8E7CA0}
    2015-02-12 21:23 - 2015-02-12 21:24 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{B56929D9-C0FB-4571-90A2-A31279213A82}
    2015-02-12 06:52 - 2015-02-12 06:52 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{0FFEC12E-097E-47FC-8EF1-0CC8FE31E688}
    2015-02-12 06:13 - 2015-02-12 06:13 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{107449EF-39B9-438F-924C-CB339A6A719A}
    2015-02-12 05:39 - 2015-02-12 05:39 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{DB223036-75EF-4A5D-A040-3314CF0D56F3}
    2015-02-12 05:30 - 2015-02-12 05:31 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{5986F74F-44D8-4784-965C-F6DCBCB118CA}
    2015-02-01 10:00 - 2015-02-01 10:00 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{C84AA1DA-3AD5-4CE9-A922-85029BF9C19D}
    2015-01-29 10:29 - 2015-01-29 22:30 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{7EE141B8-B6FD-4FB0-902D-1B89783BFC65}
    2015-01-28 12:29 - 2015-01-28 12:30 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{B0AD0CAF-88F0-40E2-AA5A-4D2F7CD9073A}
    2015-01-27 10:11 - 2015-01-27 10:11 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{4C3BEEA9-7F7A-4030-9DF6-86C4C58DB91C}
    2015-01-27 09:09 - 2015-01-27 09:09 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{C70F7C35-126F-4353-99C5-9FCD1F26960F}
    Folder: C:\ProgramData\3ac76aec00007e86
    2015-01-26 14:28 - 2015-02-13 22:25 - 00000000 ____D () C:\Users\koontz312\Documents\Super Optimizer
    Folder: C:\Users\koontz312\AppData\Roaming\0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1B
    2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{87C5BB8A-B60A-42AA-94CF-1F90F387F591}
    2015-01-25 09:53 - 2015-01-25 09:54 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{D0EDA1F3-4549-41BA-B381-A8A77A91A00D}
    2015-01-23 13:37 - 2015-01-23 13:37 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{24767574-4A51-4E2D-BECD-EC39651F108A}
    2015-01-22 06:19 - 2015-01-22 06:19 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{943105AF-747F-4A85-8270-DC866589AE10}
    2015-01-21 19:30 - 2015-01-21 19:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-21 19:29 - 2015-02-14 02:37 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2015-01-21 00:35 - 2015-01-21 12:37 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{62CD8214-C012-422A-A8EE-A0FA65B06492}
    2015-01-20 12:34 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{E3F6F9AE-D7CB-4F0C-8115-F026F5FCD7C4}
    2015-01-20 00:29 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{D40E9F6D-4F63-42E3-A366-C8C98AE72DEC}
    2015-01-20 00:29 - 2015-01-20 00:29 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{CF32E2AA-4CB0-4D38-9A9C-7D554BDCFF09}
    2015-01-20 00:27 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{B30A92A8-2574-4374-AA62-59FC01269BE6}
    2015-01-18 10:57 - 2015-01-20 12:34 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{D8C00C98-2EB1-4C3B-8803-2E26BBB7E795}
    2015-01-17 19:05 - 2015-01-17 19:05 - 00000000 ____D () C:\Users\koontz312\AppData\Local\{337BDF00-762D-4047-9453-E7A5B002B062}
    CustomCLSID: HKU\S-1-5-21-2261786481-891652113-2891113778-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    CustomCLSID: HKU\S-1-5-21-2261786481-891652113-2891113778-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\crypt32.dll No File
    CMD: del /f /s /q "HELP_DECRYPT.*"
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    Hosts:
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the file in your next reply.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached!)
  • JRT.txt
  • AdwCleaner[S0].txt


#8 SEREDMAN

Topic Starter

Posted 17 February 2015 - 12:39 PM

I have attached the Fixlog.txt but ran into trouble with Steps 2 and 3.

I had run the JRT and copied the txt to message for you but when I went to run the AdwCleaner it needed to restart the computer and I should have sent you the message first but I didn't and lost the log.  I reran the JRT and copied and pasted the log for a second time.

I am unable to get the log for the AdwCleaner because when it required my computer to restart it kept telling me there was an issue with Windows and it wouldn't restart unless in safe mode with networking.

I'm sorry if I screwed something up but where do I go from here??

Attached File: Fixlog.txt (14.92KB)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by koontz312 on Tue 02/17/2015 at 12:29:42.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                    
========================================================================================
    BluetoothS    REG_EXPAND_SZ    rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at 12:30:55.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 LiquidTension

Malware Response Team

Posted 17 February 2015 - 01:32 PM

Hello Sarah, 
 
Are you able to boot normally into Windows? If you can, please do the following. 
If not, please boot into Safe Mode. 
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 


#10 SEREDMAN

Topic Starter

Posted 17 February 2015 - 02:13 PM

Ok. Here are both the FRST.txt & Additional.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by koontz312 (administrator) on KOONTZ312-PC on 17-02-2015 14:03:57
Running from C:\Users\koontz312\Downloads
Loaded Profiles: koontz312 (Available profiles: koontz312)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2034752 2011-08-08] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1674896 2011-09-16] (McAfee, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-06] (Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid\Vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [Logitech Vid HD] => C:\Program Files (x86)\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [5329 2015-02-17] ()
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2261786481-891652113-2891113778-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150217115822.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150217115822.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2BB6C7B0-002A-4521-8E1F-DF3FA66594D7}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-05-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-10]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-05-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-05-04]
FF HKU\S-1-5-21-2261786481-891652113-2891113778-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-10] (WildTangent)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-12] (Enigma Software Group USA, LLC.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 0231291423943068mcinstcleanup; C:\Windows\TEMP\023129~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 C771BUS; C:\Windows\System32\DRIVERS\C771BUS.sys [71752 2010-08-26] (DEVGURU Co., LTD.)
S3 C771VSP; C:\Windows\System32\DRIVERS\C771VSP.sys [186056 2010-08-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-12] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 12:30 - 2015-02-17 12:30 - 00000970 _____ () C:\Users\koontz312\Desktop\JRT.txt
2015-02-17 12:15 - 2015-02-17 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-17 11:58 - 2015-02-17 12:02 - 00000000 ____D () C:\AdwCleaner
2015-02-17 11:56 - 2015-02-17 11:57 - 02112512 _____ () C:\Users\koontz312\Downloads\AdwCleaner.exe
2015-02-17 06:55 - 2015-02-17 06:57 - 13087456 _____ (Microsoft Corporation) C:\Users\koontz312\Downloads\Silverlight_x64.exe
2015-02-17 06:45 - 2015-02-17 12:09 - 00018944 ___SH () C:\Users\koontz312\Thumbs.db
2015-02-17 06:39 - 2015-02-17 06:39 - 00271872 _____ () C:\Windows\Minidump\021715-20841-01.dmp
2015-02-17 06:31 - 2015-02-17 06:31 - 00271872 _____ () C:\Windows\Minidump\021715-19734-01.dmp
2015-02-17 06:27 - 2015-02-17 06:29 - 01388274 _____ (Thisisu) C:\Users\koontz312\Downloads\JRT.exe
2015-02-17 06:20 - 2015-02-17 06:20 - 00271872 _____ () C:\Windows\Minidump\021715-18876-01.dmp
2015-02-17 05:46 - 2015-02-17 12:09 - 00018944 ___SH () C:\Users\koontz312\AppData\Thumbs.db
2015-02-16 05:42 - 2015-02-16 05:43 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\koontz312\Downloads\tdsskiller.exe
2015-02-16 05:34 - 2015-02-16 05:41 - 00041239 _____ () C:\Users\koontz312\Downloads\Addition.txt
2015-02-16 05:33 - 2015-02-17 14:04 - 00017441 _____ () C:\Users\koontz312\Downloads\FRST.txt
2015-02-16 05:33 - 2015-02-17 14:04 - 00000000 ____D () C:\FRST
2015-02-16 05:28 - 2015-02-16 05:31 - 01125888 _____ (Farbar) C:\Users\koontz312\Downloads\FRST.exe
2015-02-16 05:27 - 2015-02-16 05:32 - 02085888 _____ (Farbar) C:\Users\koontz312\Downloads\FRST64.exe
2015-02-16 05:21 - 2015-02-17 14:00 - 318723585 _____ () C:\Windows\MEMORY.DMP
2015-02-16 05:21 - 2015-02-17 06:39 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 05:21 - 2015-02-16 05:21 - 00271872 _____ () C:\Windows\Minidump\021615-18314-01.dmp
2015-02-14 14:44 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\Users\koontz312\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\Users\koontz312\Desktop\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00008696 _____ () C:\HELP_DECRYPT.HTML
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\Users\koontz312\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\Users\koontz312\Desktop\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\Users\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00004288 _____ () C:\HELP_DECRYPT.TXT
2015-02-14 07:10 - 2015-02-14 07:10 - 00000300 _____ () C:\Users\koontz312\Desktop\HELP_DECRYPT.URL
2015-02-14 07:10 - 2015-02-14 07:10 - 00000300 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-14 07:10 - 2015-02-14 07:10 - 00000300 _____ () C:\HELP_DECRYPT.URL
2015-02-14 07:03 - 2015-02-14 07:03 - 00008696 _____ () C:\Users\koontz312\Documents\HELP_DECRYPT.HTML
2015-02-14 07:03 - 2015-02-14 07:03 - 00008696 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-14 07:03 - 2015-02-14 07:03 - 00008696 _____ () C:\Users\koontz312\AppData\HELP_DECRYPT.HTML
2015-02-14 07:03 - 2015-02-14 07:03 - 00004288 _____ () C:\Users\koontz312\Documents\HELP_DECRYPT.TXT
2015-02-14 07:03 - 2015-02-14 07:03 - 00004288 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-14 07:03 - 2015-02-14 07:03 - 00004288 _____ () C:\Users\koontz312\AppData\HELP_DECRYPT.TXT
2015-02-14 07:02 - 2015-02-14 07:02 - 00008696 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 07:02 - 2015-02-14 07:02 - 00008696 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-14 07:02 - 2015-02-14 07:02 - 00004288 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.TXT
2015-02-14 07:02 - 2015-02-14 07:02 - 00004288 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-14 06:57 - 2015-02-14 07:05 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Local Store
2015-02-14 06:52 - 2015-02-14 06:52 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-02-13 02:36 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 02:36 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 02:36 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 02:36 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 21:49 - 2015-02-12 06:02 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-12 21:44 - 2015-02-12 21:44 - 00003008 _____ () C:\Windows\System32\Tasks\{BAC0BDCC-ECAF-4443-8E73-B378AA5CACBA}
2015-02-12 21:19 - 2015-02-14 14:18 - 00012795 _____ () C:\sh4_service.log
2015-02-12 21:16 - 2015-02-12 06:50 - 00285747 _____ () C:\shldr
2015-02-12 21:16 - 2015-02-12 06:50 - 00008192 _____ () C:\shldr.mbr
2015-02-12 16:19 - 2015-02-14 09:10 - 00002365 _____ () C:\spyhunter.log
2015-02-12 09:07 - 2015-02-12 09:38 - 39739064 _____ (Microsoft Corporation) C:\Users\koontz312\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-12 09:07 - 2015-02-12 09:14 - 02238600 _____ (Microsoft Corporation) C:\Users\koontz312\Downloads\DefaultPack.EXE
2015-02-12 07:00 - 2015-02-12 07:00 - 00000000 _____ () C:\autoexec.bat
2015-02-12 06:59 - 2015-02-14 03:38 - 00001295 _____ () C:\Users\koontz312\Desktop\SpyHunter.lnk
2015-02-12 06:59 - 2015-02-12 21:49 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-12 06:59 - 2015-02-12 06:59 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Enigma Software Group
2015-02-12 06:42 - 2015-02-12 06:50 - 00000000 ____D () C:\sh4ldr
2015-02-12 05:57 - 2015-02-12 05:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-12 05:54 - 2015-02-12 21:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\koontz312\Downloads\SpyHunter-Installer.exe
2015-02-11 06:39 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 06:39 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 06:39 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 06:39 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 06:39 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 06:39 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 06:39 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 06:39 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 06:39 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 06:39 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 06:39 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 06:39 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 06:39 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 06:39 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 06:39 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 06:39 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 06:39 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 06:39 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 06:39 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 06:39 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 06:39 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 06:39 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 06:39 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 06:39 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 06:39 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 06:39 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 06:39 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 06:39 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 06:39 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 06:39 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 06:39 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 06:39 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 06:39 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 06:39 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 06:39 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 06:39 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 06:39 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 06:39 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 06:39 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 06:39 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 06:39 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 06:39 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 06:39 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 06:39 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 06:39 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 06:39 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 06:39 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 06:38 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 06:38 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 06:38 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 06:38 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 06:38 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 06:31 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 06:31 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 06:30 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 06:01 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 06:01 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 06:01 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 06:00 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 06:00 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 06:00 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 06:00 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 06:00 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 06:00 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 06:00 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 05:59 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 05:59 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 05:59 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 05:58 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 05:58 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 05:58 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 05:58 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 05:58 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 05:58 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 05:58 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 05:58 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 05:58 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 05:58 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 05:58 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 05:58 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 05:58 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 05:58 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 05:58 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 05:58 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 05:58 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 05:58 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 05:58 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 05:58 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 05:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 05:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 05:55 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 05:55 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 05:51 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 05:51 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 05:48 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-04 15:29 - 2015-02-14 07:10 - 00000300 _____ () C:\Users\koontz312\HELP_DECRYPT.URL
2015-02-04 15:29 - 2015-02-04 15:29 - 00000300 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-02-04 14:47 - 2015-02-14 07:03 - 00000300 _____ () C:\Users\koontz312\Documents\HELP_DECRYPT.URL
2015-02-04 14:46 - 2015-02-14 07:03 - 00000300 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.URL
2015-02-04 14:46 - 2015-02-14 07:03 - 00000300 _____ () C:\Users\koontz312\AppData\HELP_DECRYPT.URL
2015-02-04 14:45 - 2015-02-14 07:02 - 00000300 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.URL
2015-02-04 14:43 - 2015-02-14 07:02 - 00000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-28 12:22 - 2015-02-14 02:45 - 00000000 ___RD () C:\Users\koontz312\Google Drive
2015-01-28 12:22 - 2015-01-28 12:22 - 00001707 _____ () C:\Users\koontz312\Desktop\Google Drive.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00002004 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00002002 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00001992 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-28 11:37 - 2015-01-28 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 10:30 - 2015-02-17 06:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 10:30 - 2015-02-17 06:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 10:30 - 2015-02-05 05:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-28 10:30 - 2015-02-05 05:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-28 10:30 - 2015-01-29 09:58 - 06000640 _____ () C:\Program Files (x86)\GUT1234.tmp
2015-01-28 10:30 - 2015-01-28 10:30 - 00000000 ____D () C:\Program Files (x86)\GUM1233.tmp
2015-01-28 10:29 - 2015-01-28 10:29 - 00880784 _____ (Google Inc.) C:\Users\koontz312\Downloads\googledrivesync.exe
2015-01-26 14:29 - 2015-01-26 14:33 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\.minecraft
2015-01-26 14:27 - 2015-01-26 14:27 - 00020672 _____ () C:\Users\koontz312\AppData\Roaming\ICSW_0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1BtJ1V0G1P1P1J0B2Y1Q1Q2U.txt
2015-01-26 14:21 - 2015-01-26 14:21 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1B
2015-01-25 09:56 - 2015-01-25 14:00 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\CVS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 12:08 - 2011-05-04 11:53 - 00159546 _____ () C:\Windows\PFRO.log
2015-02-17 11:49 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:49 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 06:45 - 2011-05-10 14:02 - 00000000 ____D () C:\Users\koontz312
2015-02-17 06:41 - 2011-05-04 10:21 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-17 06:40 - 2011-11-08 19:35 - 00071168 ___SH () C:\Users\koontz312\Desktop\Thumbs.db
2015-02-17 06:40 - 2011-08-23 07:49 - 00000000 ____D () C:\Users\koontz312\Tracing
2015-02-17 06:40 - 2011-05-04 10:09 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-17 06:39 - 2011-05-04 10:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-17 06:39 - 2011-05-04 10:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-17 06:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 06:39 - 2009-07-13 23:51 - 00082956 _____ () C:\Windows\setupact.log
2015-02-17 06:35 - 2009-07-14 00:10 - 01535304 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 05:40 - 2011-10-26 16:35 - 00248320 ___SH () C:\Users\koontz312\Downloads\Thumbs.db
2015-02-14 14:44 - 2011-05-04 10:17 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-14 07:03 - 2011-09-28 20:03 - 00000000 ____D () C:\Users\koontz312\Documents\My Games
2015-02-14 07:02 - 2011-06-26 23:42 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Google
2015-02-14 07:02 - 2011-05-10 18:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-14 07:02 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Adobe
2015-02-14 07:01 - 2011-05-04 10:21 - 00000000 ____D () C:\ProgramData\PhotoShow Shared Assets
2015-02-14 07:00 - 2011-05-04 10:17 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 06:58 - 2014-07-28 12:30 - 00000000 ____D () C:\ProgramData\Logitech
2015-02-14 06:58 - 2014-07-28 12:29 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-02-14 06:58 - 2011-05-10 16:53 - 00000000 ____D () C:\ProgramData\HP
2015-02-14 06:58 - 2011-05-04 10:20 - 00000000 ____D () C:\ProgramData\Macrovision
2015-02-14 06:57 - 2014-08-08 14:34 - 00000000 ____D () C:\Papyrus
2015-02-14 06:57 - 2011-05-04 12:25 - 00000000 ____D () C:\dell
2015-02-13 22:26 - 2011-05-23 20:36 - 00000000 ____D () C:\Users\koontz312\Documents\My Scans
2015-02-13 22:25 - 2011-09-20 16:38 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Playrix Entertainment
2015-02-13 22:25 - 2011-09-13 16:50 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Skype
2015-02-13 22:25 - 2011-07-21 11:37 - 00000000 ____D () C:\Users\koontz312\Documents\CrystalCaveClassic
2015-02-13 22:25 - 2011-07-19 08:57 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\runic games
2015-02-13 22:25 - 2011-07-16 17:53 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\PlayFirst
2015-02-13 22:25 - 2011-06-15 17:41 - 00000000 ____D () C:\Users\koontz312\Documents\LDW
2015-02-13 22:25 - 2011-05-31 23:40 - 00000000 ____D () C:\Users\koontz312\Documents\Ankh - The Lost Treasures
2015-02-13 22:24 - 2011-09-22 16:04 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Jewel Match 3
2015-02-13 22:24 - 2011-09-08 16:53 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\KidZui
2015-02-13 22:24 - 2011-07-04 20:51 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\dingogames
2015-02-13 22:24 - 2011-05-10 17:04 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\HP
2015-02-13 22:24 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Macromedia
2015-02-13 22:24 - 2011-05-10 14:07 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Dell Touch Zone
2015-02-13 22:24 - 2011-05-10 14:07 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\Dell
2015-02-13 22:22 - 2011-05-25 18:18 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Wild Tangent
2015-02-13 21:13 - 2014-09-06 10:47 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Skype
2015-02-13 21:13 - 2011-05-18 14:41 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Microsoft Games
2015-02-13 21:00 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Dell
2015-02-13 21:00 - 2011-05-10 14:08 - 00000000 ____D () C:\Users\koontz312\AppData\Local\ArcSoft
2015-02-13 20:38 - 2011-05-04 10:06 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-13 20:37 - 2011-05-24 12:18 - 00000000 ____D () C:\ProgramData\Wild Tangent
2015-02-13 20:37 - 2011-05-04 10:10 - 00000000 ____D () C:\ProgramData\Skype
2015-02-13 20:36 - 2011-09-20 16:44 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-13 20:36 - 2011-05-26 10:17 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-02-13 20:21 - 2011-08-14 20:47 - 00000000 ____D () C:\ProgramData\AWEM
2015-02-13 20:21 - 2011-07-05 19:29 - 00000000 ____D () C:\ProgramData\GameHouse
2015-02-13 20:21 - 2011-05-04 10:12 - 00000000 ____D () C:\ProgramData\Dell
2015-02-13 04:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 04:00 - 2011-05-04 10:17 - 00000000 ____D () C:\Program Files\mcafee
2015-02-13 04:00 - 2011-05-04 10:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-12 03:47 - 2009-07-13 23:45 - 00321280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:44 - 2014-12-11 03:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:44 - 2014-07-16 03:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:43 - 2011-05-14 18:54 - 00000000 ____D () C:\Users\koontz312\AppData\Roaming\SoftGrid Client
2015-02-12 03:21 - 2014-07-15 02:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 09:59 - 2011-05-24 04:49 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-02-05 14:42 - 2011-05-24 04:50 - 00002390 ____N () C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
2015-02-05 14:42 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 17:49 - 2011-05-19 05:56 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 11:37 - 2011-07-03 17:00 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-27 09:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-27 09:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-27 09:21 - 2011-05-14 18:59 - 00000000 __RHD () C:\MSOCache
2015-01-20 21:10 - 2011-08-28 10:46 - 00000000 ____D () C:\Users\koontz312\Documents\Drive Green
2015-01-18 15:51 - 2011-08-08 12:56 - 00000000 ____D () C:\Users\koontz312\AppData\Local\Windows Live
2015-01-18 11:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-01-28 10:30 - 2015-01-29 09:58 - 6000640 _____ () C:\Program Files (x86)\GUT1234.tmp
2010-07-23 06:53 - 2010-07-23 06:53 - 0208720 _____ (Microsoft Corporation) C:\Users\koontz312\AppData\Roaming\BtvStack.dll
2015-02-14 07:03 - 2015-02-14 07:03 - 0008696 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-04 14:46 - 2015-02-14 07:03 - 0045917 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-14 07:03 - 2015-02-14 07:03 - 0004288 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-04 14:46 - 2015-02-14 07:03 - 0000300 _____ () C:\Users\koontz312\AppData\Roaming\HELP_DECRYPT.URL
2015-01-26 14:27 - 2015-01-26 14:27 - 0020672 _____ () C:\Users\koontz312\AppData\Roaming\ICSW_0C1T1E2Z1T1L1G1Q1F2W1G1I1F1T1Q1BtJ1V0G1P1P1J0B2Y1Q1Q2U.txt
2015-02-14 07:02 - 2015-02-14 07:02 - 0008696 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.HTML
2015-02-04 14:45 - 2015-02-14 07:02 - 0045917 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.PNG
2015-02-14 07:02 - 2015-02-14 07:02 - 0004288 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.TXT
2015-02-04 14:45 - 2015-02-14 07:02 - 0000300 _____ () C:\Users\koontz312\AppData\Local\HELP_DECRYPT.URL
2011-09-13 16:52 - 2011-09-13 16:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-14 07:02 - 2015-02-14 07:02 - 0008696 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-04 14:43 - 2015-02-14 07:02 - 0045917 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-14 07:02 - 2015-02-14 07:02 - 0004288 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-04 14:43 - 2015-02-14 07:02 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2011-05-10 16:54 - 2015-01-05 13:48 - 0001810 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 04:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by koontz312 at 2015-02-17 14:04:51
Running from C:\Users\koontz312\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
18 Wheels of Steel Extreme Trucker (x32 Version: 2.2.0.95 - WildTangent) Hidden
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Age of Castles (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ankh - The Lost Treasures (x32 Version: 2.2.0.97 - WildTangent) Hidden
Astro Avenger (x32 Version: 2.2.0.95 - WildTangent) Hidden
Astro Avenger 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Banana Bugs ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build It - Miami Beach Resort (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot: On Vacation (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bus Driver (x32 Version: 2.2.0.95 - WildTangent) Hidden
C771 USB Driver V1.0.11.0 (HKLM-x32\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Chloe's Dream Resort (x32 Version: 2.2.0.98 - WildTangent) Hidden
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Crazy Chicken: Heart of Tibet (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crystal Cave Classic (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Maze (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deer Drive (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{89263C19-557E-4D23-AAD7-113F6175DFC1}) (Version: 1.5.402.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.1 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.66 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Direct Show Ogg Vorbis Filter (remove only) (HKLM-x32\...\OggDS) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora Saves the Crystal Kingdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Ballet Adventures (x32 Version: 2.2.0.98 - WildTangent) Hidden
Eighteen Wheels of Steel Haulin' (x32 Version: 2.2.0.95 - WildTangent) Hidden
Eighteen Wheels of Steel: Extreme Trucker 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fairy Tales: Four Seasons Stories (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.2.0.0 - GIANTS Software)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feeding Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Feeding Frenzy 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom ™ 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut (x32 Version: 2.2.0.98 - WildTangent) Hidden
Gear Grinder (x32 Version: 2.2.0.95 - WildTangent) Hidden
GO Diego GO! Dinosaur Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hazen ® (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotel Dash 2: Lost Luxuries (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Jessicas Cupcake Cafe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Mysteries 2 Trail of the Midnight Heart (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\{377C9E1B-28E9-40C3-836C-85F8E839D4E6}) (Version: 1.00.0000 - Valusoft)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kidzui (HKLM-x32\...\Kidzui) (Version:  - )
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.0.623 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Military Life: Tank Simulator (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenGL Extensions Viewer 3.0 (HKLM-x32\...\GLVIEW3) (Version: 408 - )
Peggle Nights (x32 Version: 2.2.0.97 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari Island (x32 Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpongeBob Atlantis SquareOff (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpongeBob Diner Dash 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpongeBob: Clash of Triton (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Star Defender 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Star Defender 4 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Star Defender III (x32 Version: 2.2.0.97 - WildTangent) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tasty Planet: Back for Seconds (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Secret of Hildegards (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Universal Media Player (HKLM-x32\...\Universal Media Player) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Goo (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

13-02-2015 03:00:49 Windows Update
17-02-2015 06:42:57 BleepingRestore

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-17 05:49 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032ABC2A-78A3-42A0-B28D-5B04B11137B6} - System32\Tasks\{EFCCEBCE-553B-4077-B3F2-F1BADF419222} => pcalua.exe -a "C:\Users\koontz312\AppData\Local\Temp\Temp1_WTR54GS+SetupWizard205.zip\WTR54GS SetupWizard205\Setup.exe"
Task: {035CEC9A-828B-451F-8D9E-6DA71FB53633} - System32\Tasks\{7E26878F-D647-4C35-ABA6-3A2331342712} => D:\SETUP.EXE
Task: {0496E524-7F4B-4C54-B485-4E7ABA840454} - System32\Tasks\{B530C7A9-B838-4963-943B-C53141ED9EAB} => D:\PLAY.EXE
Task: {054008D5-8000-45A3-B1C7-D4CD69FD94D6} - System32\Tasks\{03C7990A-2C53-413F-B139-9D33B06F24EB} => D:\PLAY.EXE
Task: {0610E6B2-A093-41A2-B775-893BCA8ED336} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: {08D406C0-254F-4E2D-A1C4-31E0A2E07147} - System32\Tasks\{BAC0BDCC-ECAF-4443-8E73-B378AA5CACBA} => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-12] (Enigma Software Group USA, LLC.)
Task: {0CE222A8-727D-41A5-AF65-F73ED0515967} - System32\Tasks\{0FFE9ACD-223A-4863-ACB7-593B6953E86E} => D:\SETUP.EXE
Task: {0F797FAE-B5D5-4EE0-9742-83824FD3EC3D} - System32\Tasks\{63320AAB-EE47-4A9E-B825-856559648214} => D:\PLAY.EXE
Task: {116774EA-7860-47B9-BE2C-B87A1C49B222} - System32\Tasks\{710C6340-A00B-45FC-B27D-F5FF4C9EEC32} => D:\PLAY.EXE
Task: {120C2864-5890-46FE-A00F-3B8CBFAFF6DA} - System32\Tasks\{F4B9CCCF-4DD9-4F76-8697-DC0830E05E80} => D:\PLAY.EXE
Task: {190B3239-F019-4A77-9D62-1B2DD3B960FE} - System32\Tasks\{221949D2-277F-40D4-B75F-DCCC5173628C} => D:\PLAY.EXE
Task: {1A71CB86-88A8-456F-95E0-931E715339E8} - System32\Tasks\{68179BEC-4BB4-45ED-8DF0-697460D8677D} => D:\PLAY.EXE
Task: {1DC80D97-0C74-430E-AF97-DC658167D0B9} - System32\Tasks\{D8746C18-E38F-4FD5-B333-E441305EE9C3} => D:\PLAY.EXE
Task: {1DE6DE55-48CD-4F83-A523-C29CBAE6FED0} - System32\Tasks\{4DBBD6DA-459B-498E-A636-6E74695FA267} => D:\PLAY.EXE
Task: {202F97BE-95A8-4A1D-9511-EEFC5AD270EB} - System32\Tasks\{481D0925-D8DF-4AA4-BBA9-D05D84FC12BE} => D:\PLAY.EXE
Task: {24AC1690-4AE6-4DD4-BA7C-7E032D8FF976} - System32\Tasks\{1A97E8C2-8EA8-4D86-8884-EF70F2BC31B3} => D:\PLAY.EXE
Task: {2A9D0957-D9A8-4365-9B2A-40D76EB03B7D} - System32\Tasks\{23B7A457-B591-4F02-AE9E-D6F9E5FDE918} => D:\PLAY.EXE
Task: {2AC42323-1BA3-4F17-9E19-071ABF8C52F7} - System32\Tasks\{077EBB21-B817-47D5-8AF8-7DCA13941648} => D:\SETUP.EXE
Task: {331B8AAA-F481-4AA2-BA60-6A76DEF17675} - System32\Tasks\{DA6914BC-5A34-4920-B4E7-E75E682B1D09} => D:\PLAY.EXE
Task: {33EFCEC7-4674-44DD-B01B-1A928A8B34D1} - System32\Tasks\{6F5F48B7-97A4-4734-87F6-2DF43D6C86B0} => D:\PLAY.EXE
Task: {382888D2-D67B-4E18-BCBD-B3815F595304} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: {3883BEA6-D400-4E70-9DF1-47023DF7BFD3} - System32\Tasks\{27C4D78E-0B7E-4044-AC16-EAE018D7B691} => D:\PLAY.EXE
Task: {39EA9207-A61C-46E3-8BCA-F1210C1C1E33} - System32\Tasks\{01357D0E-A0D9-4D85-A39B-A50D9E4F5F47} => D:\PLAY.EXE
Task: {3AADDE68-C2A7-4197-BDC2-5499566C939A} - System32\Tasks\{9CC7325F-F363-4174-BEBD-C99B00A45E54} => D:\PLAY.EXE
Task: {3D06706C-D588-4B60-827E-2B72EB79CF28} - System32\Tasks\{85A40B8F-A861-48D6-AE4C-7A1E64301FAF} => D:\SETUP.EXE
Task: {4007B9F7-298B-46B8-8143-EEE98A00BF58} - System32\Tasks\{89C64117-EC4A-4EBC-A87B-19ACD5AA0D8B} => D:\PLAY.EXE
Task: {46C5F7AA-752D-4EB2-830E-CF7DE3A60EE8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {513C1777-BB18-4A79-BF55-690B32D34A63} - System32\Tasks\{428FB584-3D9A-47BA-BCF4-0AD1171D00C2} => D:\PLAY.EXE
Task: {59FF3FBA-C8BD-41FA-A5B5-3D827C2BA319} - System32\Tasks\{8CDE2DD5-840E-4136-BFC6-13EC94351D75} => D:\PLAY.EXE
Task: {5A174CA3-A3B0-4F88-8885-40BAC7CC7959} - System32\Tasks\{83418A0B-1623-46CA-9452-8E4E0B142D0E} => D:\PLAY.EXE
Task: {629B7A85-4E61-4FF4-A18B-C43A5C3C9BFD} - System32\Tasks\{2FBE1B6B-1577-4643-99A0-8B8B2D28BFBC} => D:\PLAY.EXE
Task: {62EE6E5D-93B1-47B2-8BDF-19A444F5DF6B} - System32\Tasks\{2E2C6191-5B49-4ABC-9D8B-ABA8918F2E15} => D:\PLAY.EXE
Task: {6A126DAA-ACFF-4A0D-969E-31748B3171CA} - System32\Tasks\{12F67183-2059-4167-A08E-2C07794474F7} => D:\PLAY.EXE
Task: {6B9E3A96-26A0-4B7F-9D72-C3304A2AE1C5} - System32\Tasks\{EF7D23A6-701C-41A2-807D-60E8437CF475} => D:\PLAY.EXE
Task: {6C7AFCE8-B469-4513-8252-1B0142595170} - System32\Tasks\{D9B36876-39CD-48C8-A8B8-96B810D1AF2D} => D:\PLAY.EXE
Task: {71F27D92-CA6E-4E05-9B93-573188EBBC4F} - System32\Tasks\{3D566455-241C-40EA-812D-11123BD2F7D8} => D:\PLAY.EXE
Task: {752193D5-80D1-47A4-858F-538FDC78671F} - System32\Tasks\{434E61B3-C19A-49E2-93F8-63C4C70FD952} => D:\PLAY.EXE
Task: {75F4EAA7-422F-4FC1-BFA5-0E3E9FA5DA34} - System32\Tasks\{F6E073BC-CBD8-4416-8393-C718E5A2B0F7} => D:\PLAY.EXE
Task: {76B54CC7-68BC-4580-8441-483FCCD70951} - System32\Tasks\{B5DE9C90-3A77-488C-A4F3-1C86D187BC88} => D:\PLAY.EXE
Task: {76F26494-9DA6-4B78-B9DA-0731B874CB19} - System32\Tasks\{A4A8136F-8F33-42AF-B750-4C0BEEE6DAE9} => D:\PLAY.EXE
Task: {7944EE7C-DA53-40F8-A20E-763308F30207} - System32\Tasks\{8B3F3219-B3E9-4CDE-8E6D-FFF587D737BB} => D:\PLAY.EXE
Task: {79BA4057-5454-4006-96A7-5AB70260D303} - System32\Tasks\{8B9849F1-4718-47B5-8D55-ECFA5724707B} => D:\PLAY.EXE
Task: {7C4EAF6E-C7BF-4279-8351-0111CA79D401} - System32\Tasks\{0B44C09A-006F-49DD-9508-07B1836EFC93} => D:\PLAY.EXE
Task: {8007FB56-003E-4301-9873-305C4D86654B} - System32\Tasks\{9A63F99D-FEE8-4606-AFD3-DBD1337EFD8E} => D:\PLAY.EXE
Task: {8B2ACBE5-3730-4E41-8BA3-65D78F26D3E0} - System32\Tasks\{01D8A19D-287A-4F55-986A-FC14DFAD3C89} => D:\PLAY.EXE
Task: {8D74806B-2F9E-4631-AF4A-9F1D08A1E19C} - System32\Tasks\{C2BBB845-69B5-4DB0-9E70-82FE1C8B730B} => D:\PLAY.EXE
Task: {8E881110-1FC6-4A70-B7F7-AEB98A081D12} - System32\Tasks\{3E0AECFE-2F39-4159-96DE-33571D4621F3} => D:\PLAY.EXE
Task: {8F58C1B9-1E15-4B5B-8CB9-0C6315783950} - System32\Tasks\{6FD47C62-207F-4B51-A3E4-9AB4E0398A8B} => D:\PLAY.EXE
Task: {97D02046-052E-4128-82F3-8DEDA1BF623C} - System32\Tasks\{B08E7601-1935-4787-BCBB-71DB05064C5F} => D:\PLAY.EXE
Task: {9A466275-734B-4E12-9100-B2789ED89530} - System32\Tasks\{B86C67AC-C2F5-4EB5-B5E3-205CB0FB7034} => D:\PLAY.EXE
Task: {9C78F1F8-39B4-4D25-A63A-A25DB631DFA6} - System32\Tasks\{F4D202BD-C205-44F2-8A67-FD4B28F0C762} => D:\PLAY.EXE
Task: {9E259ADB-7285-4562-8D5C-C420C104E6C1} - System32\Tasks\{12AB994D-F36C-45B7-81D3-EB03AB86AF22} => D:\PLAY.EXE
Task: {A1583EBC-28BE-4E39-BC34-4CA089A01E03} - System32\Tasks\{C9BCC896-C067-4B81-AEF9-A4483330A5AE} => D:\PLAY.EXE
Task: {A2D04C55-7459-4CC4-B1AF-0BD781BAED65} - System32\Tasks\{87AE3027-BF25-47D0-8296-372C4A9DC147} => D:\PLAY.EXE
Task: {A4FFE83E-0254-4E64-8535-65070BC3D081} - System32\Tasks\{DE42339C-6F76-4923-B6F5-722678C427AD} => D:\PLAY.EXE
Task: {A5677E9B-E9BE-49D8-8640-A6E730EFCA84} - System32\Tasks\{CC88314B-A6FD-4FDC-B9A6-CC2D4E62139E} => D:\PLAY.EXE
Task: {ACC92F42-D219-4386-8A27-541944DB9FC7} - System32\Tasks\{65E812BB-117A-48A1-AF21-0F5D19CA0134} => D:\PLAY.EXE
Task: {B0089BAF-47AA-4218-B80D-D9253D52B357} - System32\Tasks\{42E8A854-D00A-4936-AD1C-AFCC0822FF2D} => D:\PLAY.EXE
Task: {B09E2141-427F-4340-B8D5-F66625519277} - System32\Tasks\{737629B4-9577-460A-B3CB-6F0A820CB3C3} => D:\PLAY.EXE
Task: {B811A906-446F-4A11-9ED5-B630A9F25D38} - System32\Tasks\{7B02C9E0-A1CC-4B2C-A1D2-C689C0D3E536} => D:\PLAY.EXE
Task: {C1E8875E-6578-4EC9-AF21-7BF373655A5B} - System32\Tasks\{1272E72B-85A7-4A0F-89DC-FA533B428738} => D:\PLAY.EXE
Task: {C28DB850-2F6B-4F81-AAA6-33CA9274566D} - System32\Tasks\{A0741416-AA8B-40DE-A7AA-347E4D1A241A} => D:\SETUP.EXE
Task: {C3FFEB53-53A8-4B51-A4D5-ABFEE170D5DE} - System32\Tasks\{AE46223E-A5FF-4520-B1A7-7048B75AEB0C} => D:\PLAY.EXE
Task: {C8A052C5-8BB5-413D-8D89-B0F0CB5892EC} - System32\Tasks\{7149225B-A3C2-47D7-8318-81F782828CBD} => D:\PLAY.EXE
Task: {CA095452-4F42-4221-8BEF-369E163F2750} - System32\Tasks\{FCD6B9AD-14CB-43DF-A769-43715685C0F4} => D:\SETUP.EXE
Task: {CDBEF630-14C5-4BD9-AFFD-72554963A184} - System32\Tasks\{E11B19C2-4AC0-4B7C-9147-C5785A05682D} => D:\SETUP.EXE
Task: {D5AECC69-1177-411E-9C26-28D01B0FE8E9} - System32\Tasks\{92B28852-F0DE-4F54-A10C-DB72BD3145DD} => D:\PLAY.EXE
Task: {D6027CA7-4539-4D9B-AA72-B4D56E3D0571} - System32\Tasks\{97FD0D9F-8036-41DD-98A2-118FDFDEC78B} => D:\PLAY.EXE
Task: {DCAA4ED0-E86D-4730-9C7E-896D1B660742} - System32\Tasks\{5C59947C-71F1-4C12-8F66-0285D90B16A3} => D:\PLAY.EXE
Task: {DD13D9A5-A420-48F0-906D-23B632CBED3B} - System32\Tasks\{71C636C5-8295-4AA2-9286-279D04B63ED3} => D:\PLAY.EXE
Task: {DE90CADC-913A-43B9-9EDD-6EFF6FD29C49} - System32\Tasks\{1FD2763B-36A2-43CC-86DA-0B3F015BAFB1} => D:\PLAY.EXE
Task: {DF4F6BA0-095F-4CC9-9DB7-8B5C27AA19D7} - System32\Tasks\{E69D4850-6BA8-499B-BF8A-8D1A24A46F6B} => D:\PLAY.EXE
Task: {DFAAD814-F6F1-4C46-AC37-CB638885D9DA} - System32\Tasks\{914EDCD4-3D03-4067-8400-581FEA6DFEC0} => D:\PLAY.EXE
Task: {E4298E2B-9AC2-4A4B-8663-BA3C827ED2A5} - System32\Tasks\{918EFEDA-2773-491D-A8EB-1EC360B5B537} => D:\PLAY.EXE
Task: {ED744072-F68C-4F42-BFA8-21B111680138} - System32\Tasks\{F3C6CC28-0CB1-4FFE-9B0C-E702C400D817} => D:\PLAY.EXE
Task: {EF483CED-97CB-426C-A367-E7295EE0A434} - System32\Tasks\{BE5E263D-5641-41E1-B255-A09F6050D44D} => D:\PLAY.EXE
Task: {EF9F4370-D9A9-4AD9-87BE-0B356C5CF4BC} - System32\Tasks\{BE26141D-CE7A-4561-8E9A-33646E420218} => D:\PLAY.EXE
Task: {F40C3CBB-8ECD-48DC-8E67-E1D487379FBC} - System32\Tasks\{79C2DDC2-DED8-44FE-85F4-EFADB1CA662C} => D:\PLAY.EXE
Task: {F8621C0E-0791-4504-9B8B-7BD5C46367CD} - System32\Tasks\{22C66222-102E-4E19-B6C5-0ACC8F7CBC3C} => D:\PLAY.EXE
Task: {FB376F14-AAA9-486F-8DE4-C4975C87F9EE} - System32\Tasks\{D64AAB9D-B750-44B2-AB3A-23FB5A1ECAD6} => D:\PLAY.EXE
Task: {FF561D3C-ECB7-48FD-B419-9FEC4501D5B5} - System32\Tasks\{B9706EFB-53C2-4F03-9663-E66AFBB6DF2E} => D:\PLAY.EXE
Task: {FFC42BD7-0321-423B-A62E-8440B99FE42B} - System32\Tasks\{BAF75972-929D-4A1F-BD64-F986DCA4E599} => D:\PLAY.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2261786481-891652113-2891113778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\koontz312\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2261786481-891652113-2891113778-500 - Administrator - Disabled)
Guest (S-1-5-21-2261786481-891652113-2891113778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261786481-891652113-2891113778-1002 - Limited - Enabled)
koontz312 (S-1-5-21-2261786481-891652113-2891113778-1001 - Administrator - Enabled) => C:\Users\koontz312

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/17/2015 02:03:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (02/17/2015 02:03:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (02/17/2015 02:02:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/17/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 4060.98 MB
Available physical RAM: 2918.59 MB
Total Pagefile: 8120.16 MB
Available Pagefile: 6998.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:369.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F6342AC7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 SEREDMAN

SEREDMAN
  • Topic Starter

  • Members
  • 49 posts

Posted 17 February 2015 - 02:18 PM

And I booted in Safe Mode; I am unable to boot as normal.

#12 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • Gender:Male

Posted 17 February 2015 - 04:03 PM

What happens when you try to boot into Normal Mode?

#13 SEREDMAN

SEREDMAN
  • Topic Starter

  • Members
  • 49 posts

Posted 17 February 2015 - 10:04 PM

This problem just started today after running the AdwCleaner when it needed to restart.  The computer looks like it will start normally then goes to the Windows Error Recovery page.  I used the Launch Repair option and it attempted to run repairs.  The computer was unable to restore.

It restarted and then a blue screen popped up quickly; I only saw it said there was a problem before it closed.

The computer states Repair cannot repair this computer automatically.



#14 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • Gender:Male

Posted 18 February 2015 - 05:44 AM

Hello, 
 
Please download and run WhoCrashed. Copy/paste the report in your next post. 
http://www.majorgeeks.com/files/details/whocrashed_free_home_edition.html 



#15 SEREDMAN

SEREDMAN
  • Topic Starter

  • Members
  • 49 posts

Posted 18 February 2015 - 09:09 AM

WhoCrashed

Welcome to WhoCrashed (HOME EDITION) v 5.03

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...


 

Home Edition Notice

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which allows you to perform more thorough and detailed analysis. It also offers a range of additional features such as remote analysis on remote directories and remote computers on the network.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.
 

 

System Information (local)

computer name: KOONTZ312-PC
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
Hardware: Inspiron 560 , Dell Inc., 018D1Y
CPU: GenuineIntel Pentium® Dual-Core CPU E6700 @ 3.20GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 4258250752 total



 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Wed 2/18/2015 1:18:26 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-24460-01.dmp
This was probably caused by the following module: mfencbdc.sys (mfencbdc+0x2CA28)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF880058C8A28, 0xFFFFF88003034460, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\mfencbdc.sys
product: Anti-Malware Core
company: McAfee, Inc.
description: Event Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfencbdc.sys (Event Driver, McAfee, Inc.).
Google query: McAfee, Inc. SYSTEM_SERVICE_EXCEPTION



On Wed 2/18/2015 1:18:26 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: mfehidk.sys (mfehidk+0x395F1)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF880058C8A28, 0xFFFFF88003034460, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\mfehidk.sys
product: SYSCORE
company: McAfee, Inc.
description: McAfee Link Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfehidk.sys (McAfee Link Driver, McAfee, Inc.).
Google query: McAfee, Inc. SYSTEM_SERVICE_EXCEPTION



On Tue 2/17/2015 12:13:39 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-19734-01.dmp
This was probably caused by the following module: mfencbdc.sys (mfencbdc+0x2CA28)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF88005F8CA28, 0xFFFFF88003041460, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\mfencbdc.sys
product: Anti-Malware Core
company: McAfee, Inc.
description: Event Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfencbdc.sys (Event Driver, McAfee, Inc.).
Google query: McAfee, Inc. SYSTEM_SERVICE_EXCEPTION



On Tue 2/17/2015 11:37:49 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-20841-01.dmp
This was probably caused by the following module: mfencbdc.sys (mfencbdc+0x2CA28)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF8800607CA28, 0xFFFFF8800303A460, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\mfencbdc.sys
product: Anti-Malware Core
company: McAfee, Inc.
description: Event Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfencbdc.sys (Event Driver, McAfee, Inc.).
Google query: McAfee, Inc. SYSTEM_SERVICE_EXCEPTION



On Tue 2/17/2015 11:18:32 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-18876-01.dmp
This was probably caused by the following module: mfencbdc.sys (mfencbdc+0x2CA28)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF88005F15A28, 0xFFFFF8800303A460, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\mfencbdc.sys
product: Anti-Malware Core
company: McAfee, Inc.
description: Event Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfencbdc.sys (Event Driver, McAfee, Inc.).
Google query: McAfee, Inc. SYSTEM_SERVICE_EXCEPTION



On Mon 2/16/2015 11:19:08 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\021615-18314-01.dmp
This was probably caused by the following module: mfencbdc.sys (mfencbdc+0x2CA28)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF88005EAEA28, 0xFFFFF88003048460, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\mfencbdc.sys
product: Anti-Malware Core
company: McAfee, Inc.
description: Event Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfencbdc.sys (Event Driver, McAfee, Inc.).
Google query: McAfee, Inc. SYSTEM_SERVICE_EXCEPTION




 

Conclusion

6 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

mfencbdc.sys (Event Driver, McAfee, Inc.)
mfehidk.sys (McAfee Link Driver, McAfee, Inc.)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

 





