
Possibly infected


  • This topic is locked
14 replies to this topic

#1 OrangeDragon80


Posted 16 March 2015 - 05:42 AM

Hello again friends,

 

I was recently infected by an adware known as Optimizer Pro.  I uninstalled it (supposedly), and ran Malwarebytes Anti-Malware.  It was detected and quarantined.  As with the nature of most malware, there may be orphaned leftovers straggling around my system.  I just want to make sure it's gone.  Any help will be appreciated.

 

 

Here is my Log File:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/16/2015
Scan Time: 5:50:14 AM
Logfile: log file.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.16.01
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BmanCoolio

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355788
Time Elapsed: 14 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.SweetIM.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [0e9b2cf63c4ee650465c36f118ebf60a],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}\INPROCSERVER32, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{87E0C4B3-670B-35E8-F105-61AD1DD3F541}, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{ff148bd5}, Quarantined, [6148041e4d3d51e5d34e7b5d699a0000],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TidyNetwork, Quarantined, [f6b3cf53a0ea181ee5febe31f2112ed2],
PUP.Optional.TNT.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TNT2, Quarantined, [4b5e5bc77c0ec274cb3ec2f02dd6d22e],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [7e2bbb67b6d4d0661e2310e460a307f9],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [6940df439cee95a12f58971ec83bf808],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUP.Optional.Freshy.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.freshy.com/general/newhometab.php?hometab=home&partner=11047&guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&i=, Good: (www.google.com), Bad: (http://services.freshy.com/general/newhometab.php?hometab=home&partner=11047&guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&i=),Replaced,[72375cc67a10c175fb9406d70df8ed13]
PUP.Optional.Freshy.A, HKU\S-1-5-21-794987168-578894477-3975257818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://services.freshy.com/general/newhometab.php?hometab=home&partner=11047&guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&i=, Good: (www.google.com), Bad: (http://services.freshy.com/general/newhometab.php?hometab=home&partner=11047&guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&i=),Replaced,[e6c31e048bff47ef513fb429858054ac]

Folders: 12
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Local\TidyNetwork, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TidyNetwork, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome\content, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome\skin, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome\content, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome\skin, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Jamenize, Quarantined, [fbae27fbbad03df9dc09ddc963a0d62a],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Jamenize\UpdateProc, Quarantined, [fbae27fbbad03df9dc09ddc963a0d62a],

Files: 32
PUP.Optional.OptimizerPR0, C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}\OptimizerPro.exe, Quarantined, [e3c659c9acde70c6432e84ac5aa8b54b],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\searchplugins\Jamenize.xml, Quarantined, [a801c062fb8faa8c3a82a40a4bb859a7],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\searchplugins\Jamenize.xml, Quarantined, [d4d5889a4d3dcb6b3785d3dbfc07b44c],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Local\TidyNetwork\uninstall.exe, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Local\TidyNetwork\extension.crx, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Local\TidyNetwork\log.log, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Local\TidyNetwork\sidtrmix27.ty, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Local\TidyNetwork\update.exe, Quarantined, [beeb140e7c0e3ef86819feba46bdf60a],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TidyNetwork\petn.dll, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TidyNetwork\petn64.dll, Quarantined, [9a0f7aa892f879bdcbc312a82ed5ad53],
PUP.Optional.TidyNetwork.A, C:\WINDOWS\System32\Tasks\TidyNetwork Update, Quarantined, [59508a98bfcb79bdbfdf1dbc1ee5bd43],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome.manifest, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\install.rdf, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.js, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.xul, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome\content\script0.js, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\extensions\TidyNetwork@TidyNetwork\chrome\skin\32x32.png, Quarantined, [ffaa071b751549edba264e255aa9926e],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome.manifest, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\install.rdf, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.js, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.xul, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome\content\script0.js, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.TidyNetwork.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\extensions\TidyNetwork@TidyNetwork\chrome\skin\32x32.png, Quarantined, [1396ce54d4b696a0835d3a3942c11ae6],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Jamenize\UpdateProc\bkup.dat, Quarantined, [fbae27fbbad03df9dc09ddc963a0d62a],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Jamenize\UpdateProc\config.dat, Quarantined, [fbae27fbbad03df9dc09ddc963a0d62a],
PUP.Optional.Jamenize.A, C:\Users\BmanCoolio\AppData\Roaming\Jamenize\UpdateProc\info.dat, Quarantined, [fbae27fbbad03df9dc09ddc963a0d62a],
PUP.Optional.Freshy.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://services.freshy.com/general/newhometab.php?hometab=home&partner=11047&guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&i=");), Replaced,[90190e14bdcd310599ee7ca8cc3a7090]
PUP.Optional.FindWide.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.findwide.com/serp?guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&k=");), Replaced,[1297e63c7218f442aeb245e2f610c43c]
PUP.Optional.Freshy.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\user.js, Quarantined, [5158fd25b9d13ef838d46eb653b344bc],
PUP.Optional.FindWideTB.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\user.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.findwide.com/serp?guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&k=");), Replaced,[9a0f46dc69219d998504e542ff077888]
PUP.Optional.Freshy.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\user.js, Quarantined, [1c8d5ac8d3b7b97dc04c9094f01624dc],
PUP.Optional.FindWideTB.A, C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\phdt7tdq.default\user.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.findwide.com/serp?guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&k=");), Replaced,[3871e939a4e673c31871a681798dd927]

Physical Sectors: 0
(No malicious items detected)


(end)





#2 deeprybka

  • Malware Response Team

Posted 16 March 2015 - 11:16 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 OrangeDragon80

  • Topic Starter

Posted 16 March 2015 - 12:07 PM

Thanks for the prompt reply.

Here is my FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by BmanCoolio (administrator) on JERLANDO80 on 16-03-2015 13:00:02
Running from C:\Users\BmanCoolio\Downloads
Loaded Profiles: BmanCoolio (Available profiles: BmanCoolio)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\WINDOWS\SysWOW64\PSIService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Run: [GoogleChromeAutoLaunch_EC8FA8E2C6B80317444F2FCA3A07BB3F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Run: [DellSystemDetect] => C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-12] (Dell)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}\OptimizerPro.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D2716C32-A323-4027-8210-1EDE5C8EECDC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D2716C32-A323-4027-8210-1EDE5C8EECDC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> DefaultScope {5275A818-60FB-45CF-A345-CF7322BFD64C} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140713&p={searchTerms}
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {25F75212-B957-484D-9E00-FA47653A4095} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11047
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {5275A818-60FB-45CF-A345-CF7322BFD64C} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140713&p={searchTerms}
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {E7B1A2F8-EA8F-48EF-95F5-12900120E741} URL = http://search.findwide.com/serp?guid={5A686D7B-B015-42D2-96F3-A8BE10188CBB}&k={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> No Name - {BEE84524-0CA6-42F9-AA8B-44B42E6DA651} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2014-09-04] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-09-04] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445
FF NewTab:
FF DefaultSearchEngine: Yahoo:
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://techcrunch.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-09-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-09-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-794987168-578894477-3975257818-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF SearchPlugin: C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\searchplugins\yahoo-1.xml [2015-03-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-25]
FF HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.dexigner.com/
CHR StartupUrls: Default -> "hxxp://www.techcrunch.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US0D20140713&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (SiteAdvisor) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]

Opera:
=======
OPR StartupUrls: "hxxp://techcrunch.com/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-11-17] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-03-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-27] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-04-27] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 13:00 - 2015-03-16 13:00 - 00020899 _____ () C:\Users\BmanCoolio\Downloads\FRST.txt
2015-03-16 12:58 - 2015-03-16 13:00 - 00000000 ____D () C:\FRST
2015-03-16 12:57 - 2015-03-16 12:57 - 02095616 _____ (Farbar) C:\Users\BmanCoolio\Downloads\FRST64.exe
2015-03-16 06:11 - 2015-03-16 06:11 - 00013766 _____ () C:\Windows\PFRO.log
2015-03-16 06:11 - 2015-03-16 06:11 - 00000056 _____ () C:\Windows\setupact.log
2015-03-16 06:11 - 2015-03-16 06:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-16 05:36 - 2015-03-16 05:36 - 00000000 ____D () C:\ProgramData\9aabd0b200004f83
2015-03-15 23:57 - 2015-03-16 06:09 - 00000000 ____D () C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}
2015-03-15 23:53 - 2015-03-15 23:53 - 79310088 _____ () C:\Users\BmanCoolio\Downloads\7zip-setup.exe
2015-03-15 23:45 - 2015-03-15 23:45 - 00867785 _____ () C:\Users\BmanCoolio\Downloads\zsnesw151.zip
2015-03-15 23:34 - 2015-03-15 23:34 - 00004029 _____ () C:\Users\BmanCoolio\Desktop\pcsxr - Shortcut.lnk
2015-03-15 23:11 - 2015-03-15 23:12 - 00000000 ____D () C:\Users\BmanCoolio\Documents\PSX
2015-03-15 22:35 - 2015-03-15 23:07 - 368818216 _____ () C:\Users\BmanCoolio\Downloads\street_fighter_alpha_2.zip
2015-03-15 22:23 - 2015-03-15 22:23 - 01463630 _____ () C:\Users\BmanCoolio\Downloads\snes9x-1.53-win32.zip
2015-03-15 22:21 - 2015-03-15 22:21 - 00858978 _____ () C:\Users\BmanCoolio\Downloads\pcsxr-1.9.93-win32.zip
2015-03-15 22:20 - 2015-03-15 22:21 - 00779000 _____ (App installer ) C:\Users\BmanCoolio\Downloads\FileOpener_Setup.exe
2015-03-15 21:07 - 2015-03-15 21:07 - 00000993 _____ () C:\Users\BmanCoolio\Desktop\Fusion - Shortcut.lnk
2015-03-15 20:25 - 2015-03-15 21:08 - 00000000 ____D () C:\Users\BmanCoolio\Documents\Kega
2015-03-13 17:12 - 2015-03-13 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 17:52 - 2015-03-06 17:52 - 00000632 _____ () C:\Windows\CoD.INI
2015-02-28 12:45 - 2015-02-28 12:45 - 00000289 _____ () C:\Users\BmanCoolio\Desktop\PainterArtist.com.URL
2015-02-28 12:43 - 2015-02-28 12:43 - 00000236 _____ () C:\Users\BmanCoolio\Desktop\Designer Today.URL
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\Windows\CheckSur
2015-02-15 20:22 - 2015-02-15 20:23 - 00000000 ____D () C:\6d7404655f1b0b9d395a2657b54d
2015-02-14 12:43 - 2015-02-21 19:45 - 00000000 ___DC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-14 12:42 - 2015-02-14 13:13 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-14 00:14 - 2015-02-14 14:59 - 00000000 ____D () C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
2015-02-14 00:14 - 2015-02-14 08:23 - 00000000 ____D () C:\Users\BmanCoolio\.frostwire5
2015-02-14 00:14 - 2015-02-14 00:15 - 00000000 ____D () C:\Users\BmanCoolio\FrostWire
2015-02-14 00:13 - 2015-02-14 14:59 - 00000000 ____D () C:\Program Files (x86)\FrostWire

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 12:59 - 2015-02-07 09:54 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 12:14 - 2015-02-12 04:29 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-16 12:05 - 2012-07-15 14:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 11:26 - 2012-07-15 14:38 - 01841672 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 08:59 - 2015-02-07 09:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 06:37 - 2014-10-22 09:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 06:27 - 2015-02-07 11:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-16 06:20 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 06:20 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 06:18 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 06:13 - 2012-07-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-16 06:11 - 2014-10-25 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-16 06:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 06:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-03-16 00:31 - 2014-08-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-13 17:02 - 2015-02-07 10:00 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 16:46 - 2014-10-25 10:29 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414247339
2015-03-13 16:46 - 2014-10-25 10:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-13 16:40 - 2014-06-25 16:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-06 17:54 - 2014-08-03 03:50 - 00000000 ____D () C:\Program Files (x86)\Call of Duty Game of the Year Edition
2015-03-01 04:12 - 2014-11-03 23:39 - 00000221 _____ () C:\Users\BmanCoolio\Desktop\Vectips.com.URL
2015-02-24 04:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 05:05 - 2014-03-29 21:02 - 00000000 ____D () C:\Users\BmanCoolio
2015-02-21 19:47 - 2014-06-27 04:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-21 19:45 - 2015-02-11 20:03 - 00000000 ____D () C:\SFA
2015-02-21 19:45 - 2014-11-17 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-21 19:45 - 2014-11-17 18:22 - 00000000 ____D () C:\ProgramData\Protexis64
2015-02-21 19:45 - 2014-10-25 09:27 - 00000000 ____D () C:\Program Files (x86)\Aurora
2015-02-21 19:45 - 2014-10-25 05:27 - 00000000 ____D () C:\Program Files (x86)\Aurora.bak
2015-02-21 19:45 - 2014-10-22 10:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-21 19:45 - 2014-08-03 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2015-02-21 19:45 - 2014-07-16 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-21 19:45 - 2014-06-27 16:05 - 00000000 ____D () C:\Program Files\My Dell
2015-02-21 19:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-21 19:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-02-21 19:37 - 2014-06-27 16:04 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-21 19:37 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\BmanCoolio\AppData\Roaming\Adobe
2015-02-21 19:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-21 19:36 - 2014-07-01 08:11 - 00000000 __RHD () C:\MSOCache
2015-02-15 19:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-15 18:21 - 2014-06-27 04:46 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-01-16 14:59 - 2015-01-16 14:59 - 0047465 _____ () C:\Users\BmanCoolio\AppData\Roaming\default.rss
2014-07-03 17:39 - 2014-07-03 17:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-30 13:57 - 2014-10-30 22:53 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 13:34

==================== End Of Log ============================

Finally, here is my addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by BmanCoolio at 2015-03-16 13:00:44
Running from C:\Users\BmanCoolio\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty Game of the Year Edition (HKLM-x32\...\Call of Duty Game of the Year Edition) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.0.704 - Corel Corporation)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.215 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.18 - Creative Technology Ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0a2 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{dec524d7-1fa0-49f3-bf43-ddb9d68d7e61}) (Version:  - Nero AG)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.17 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.199 - McAfee, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.11500.11.105 - Nero AG) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-02-2015 19:33:54 Restore Operation
01-03-2015 01:00:02 Scheduled Checkpoint
01-03-2015 04:59:21 Windows Update
12-03-2015 19:36:28 Scheduled Checkpoint
16-03-2015 03:15:08 Windows Update
16-03-2015 05:39:27 Removed UpdateAdmin

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2617E19A-BCB4-4C59-82D3-906E8077C344} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {282667DE-CF4E-42DA-9118-9AA188688CE6} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {342CC23F-113B-4C67-B121-735A97EE1FCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4CB36AC4-DDA3-40F1-AE5D-3C706F9C68E9} - System32\Tasks\Opera scheduled Autoupdate 1414247339 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-10] (Opera Software)
Task: {541723CB-9C19-4B18-AF46-751090356C29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {647A12DC-7799-4463-A71A-3EFE9262E12E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {6556E0E0-4C0D-4795-B01A-61F064BFCA91} - System32\Tasks\{BB3ACAA4-66A0-4E58-AFE4-EDC061383A20} => pcalua.exe -a C:\MOHPA\setup\setup.exe -d C:\MOHPA\setup
Task: {72B2E2DE-8D1B-41EF-B090-D6A2E3CD9B63} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {81286D6C-9E18-4309-92C7-A0A3053CF235} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {8436347B-8837-4EAF-B6E4-A039D67E5DE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8B308D4D-5587-49EA-862A-41C35C025527} - System32\Tasks\{DDA48F07-B2EF-4519-B7FA-173CA5AA2C3A} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {A89B914C-FFAF-4631-BC02-C2C287E36C49} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {B5F6DE02-0CCD-4D14-9A6B-0EF9E57DD28B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {C3335E9D-54AA-4294-BAE7-FDB009E5660E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {CC601E89-8F1C-4DB6-9BDE-1CAF2B250883} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {CD8802E4-B1BE-4058-BE9C-54DA8C30F15E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E746F981-EBDC-4845-A164-513788D781CC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-06-26 22:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-07-15 15:10 - 2012-01-26 22:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-23 12:31 - 2014-10-23 12:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-07-15 14:56 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-15 14:59 - 2012-01-20 12:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-794987168-578894477-3975257818-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^BmanCoolio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^BmanCoolio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EC8FA8E2C6B80317444F2FCA3A07BB3F => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\BmanCoolio\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\BmanCoolio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Accounts: =============================

Administrator (S-1-5-21-794987168-578894477-3975257818-500 - Administrator - Disabled)
BmanCoolio (S-1-5-21-794987168-578894477-3975257818-1000 - Administrator - Enabled) => C:\Users\BmanCoolio
Guest (S-1-5-21-794987168-578894477-3975257818-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-794987168-578894477-3975257818-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 09:13:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (03/16/2015 07:09:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsxr.exe, version: 1.0.0.1, time stamp: 0x521d1919
Faulting module name: DFSound.dll_unloaded, version: 0.0.0.0, time stamp: 0x521bde2a
Exception code: 0xc0000005
Fault offset: 0x03647560
Faulting process id: 0x19cc
Faulting application start time: 0xpcsxr.exe0
Faulting application path: pcsxr.exe1
Faulting module path: pcsxr.exe2
Report Id: pcsxr.exe3

Error: (03/16/2015 07:06:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsxr.exe, version: 1.0.0.1, time stamp: 0x521d1919
Faulting module name: DFSound.dll_unloaded, version: 0.0.0.0, time stamp: 0x521bde2a
Exception code: 0xc0000005
Fault offset: 0x03547560
Faulting process id: 0x1560
Faulting application start time: 0xpcsxr.exe0
Faulting application path: pcsxr.exe1
Faulting module path: pcsxr.exe2
Report Id: pcsxr.exe3

Error: (03/16/2015 07:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsxr.exe, version: 1.0.0.1, time stamp: 0x521d1919
Faulting module name: PadSSSPSX.dll_unloaded, version: 0.0.0.0, time stamp: 0x521be066
Exception code: 0xc0000005
Fault offset: 0x00242e50
Faulting process id: 0x464
Faulting application start time: 0xpcsxr.exe0
Faulting application path: pcsxr.exe1
Faulting module path: pcsxr.exe2
Report Id: pcsxr.exe3

Error: (03/16/2015 06:15:43 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (03/16/2015 06:12:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 06:12:26 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/16/2015 06:12:26 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/16/2015 06:12:26 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/16/2015 06:12:26 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (03/16/2015 00:55:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 07:12:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 07:09:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 07:06:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 07:03:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 07:00:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 06:50:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 06:37:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 06:36:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 06:36:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (02/14/2015 10:15:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 972 seconds with 960 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8063.41 MB
Available physical RAM: 5919.34 MB
Total Pagefile: 16125 MB
Available Pagefile: 13802.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:868.83 GB) (Free:780.81 GB) NTFS
Drive g: (Projects) (Fixed) (Total:48.83 GB) (Free:48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D9478200)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=868.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team

Posted 16 March 2015 - 12:30 PM

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.



Step 3


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 OrangeDragon80

OrangeDragon80
  • Topic Starter

  • Members

Posted 16 March 2015 - 02:08 PM

Thanks again for the prompt reply:

 

Here is my AdwCleaner log:

 

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 14:18:32
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : BmanCoolio - JERLANDO80
# Running from : C:\Users\BmanCoolio\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\UpdateCommon
Folder Deleted : C:\ProgramData\uc
Folder Deleted : C:\ProgramData\9aabd0b200004f83
Folder Deleted : C:\Users\BmanCoolio\Documents\Updater
File Deleted : C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro.lnk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E7B1A2F8-EA8F-48EF-95F5-12900120E741}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[dc2e3no3.default-1414593443445\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

-\\ Google Chrome v41.0.2272.89

[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={CE1E96F0-28FA-41ED-ADC2-6FB81110A5C6}&mid=afa4edb2892747d09864d1565088b092-d48987071b317592046c99546681de64a97eee18&ds=AVG&lang=en&v=11.0.0.9&pr=fr&d=&sap=dsp&q={searchTerms}
[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://jamenize.com/results.php?f=4&q={searchTerms}&a=jmz_forstw01_15_07&cd=2XzuyEtN2Y1L1Qzu0CtBtCzzzzyD0CtCtD0FzytCtDtC0AzytN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StA0DyD0B0E0F0ByBtG0AzzyEtAtG0DtC0BtDtGtD0DtDyCtGyBtD0D0FtDtAyE0CyBtD0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByDtD0Czz0EyByEtG0DyByBzztGyEtD0FtBtGzyzytD0AtGtC0Czz0Bzz0C0Azy0BtA0D0D2QtN1B1L1H1Ezu1O2U1M1B&cr=331963421&ir=

-\\ Opera v28.0.1750.40

[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={CE1E96F0-28FA-41ED-ADC2-6FB81110A5C6}&mid=afa4edb2892747d09864d1565088b092-d48987071b317592046c99546681de64a97eee18&ds=AVG&lang=en&v=11.0.0.9&pr=fr&d=&sap=dsp&q={searchTerms}
[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://jamenize.com/results.php?f=4&q={searchTerms}&a=jmz_forstw01_15_07&cd=2XzuyEtN2Y1L1Qzu0CtBtCzzzzyD0CtCtD0FzytCtDtC0AzytN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StA0DyD0B0E0F0ByBtG0AzzyEtAtG0DtC0BtDtGtD0DtDyCtGyBtD0D0FtDtAyE0CyBtD0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByDtD0Czz0EyByEtG0DyByBzztGyEtD0FtBtGzyzytD0AtGtC0Czz0Bzz0C0Azy0BtA0D0D2QtN1B1L1H1Ezu1O2U1M1B&cr=331963421&ir=

*************************

AdwCleaner[R0].txt - [3186 bytes] - [16/03/2015 14:16:21]
AdwCleaner[S0].txt - [4148 bytes] - [16/03/2015 14:18:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4207  bytes] ##########
 

 

Here is my Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/16/2015
Scan Time: 2:27:28 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.16.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BmanCoolio

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355575
Time Elapsed: 13 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Lastly, here are my FRST and Addition logs:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by BmanCoolio (administrator) on JERLANDO80 on 16-03-2015 14:55:07
Running from C:\Users\BmanCoolio\Downloads
Loaded Profiles: BmanCoolio (Available profiles: BmanCoolio)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\WINDOWS\SysWOW64\PSIService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell) C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Run: [GoogleChromeAutoLaunch_EC8FA8E2C6B80317444F2FCA3A07BB3F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Run: [DellSystemDetect] => C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-12] (Dell)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D2716C32-A323-4027-8210-1EDE5C8EECDC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D2716C32-A323-4027-8210-1EDE5C8EECDC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {25F75212-B957-484D-9E00-FA47653A4095} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11047
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {5275A818-60FB-45CF-A345-CF7322BFD64C} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140713&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> No Name - {BEE84524-0CA6-42F9-AA8B-44B42E6DA651} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2014-09-04] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-09-04] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445
FF NewTab:
FF DefaultSearchEngine: Yahoo:
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://techcrunch.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-09-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-09-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-794987168-578894477-3975257818-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF SearchPlugin: C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\searchplugins\yahoo-1.xml [2015-03-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-25]
FF HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.dexigner.com/
CHR StartupUrls: Default -> "hxxp://www.techcrunch.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US0D20140713&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (SiteAdvisor) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]

Opera:
=======
OPR StartupUrls: "hxxp://techcrunch.com/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-11-17] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-03-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-27] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-04-27] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 14:46 - 2015-03-16 14:46 - 00001053 _____ () C:\Users\BmanCoolio\Downloads\MWbites.txt
2015-03-16 14:23 - 2015-03-16 14:23 - 00004287 _____ () C:\Users\BmanCoolio\Downloads\AdwCleaner[S0].txt
2015-03-16 14:13 - 2015-03-16 14:18 - 00000000 ____D () C:\AdwCleaner
2015-03-16 14:12 - 2015-03-16 14:12 - 02171392 _____ () C:\Users\BmanCoolio\Downloads\AdwCleaner.exe
2015-03-16 13:00 - 2015-03-16 14:55 - 00020624 _____ () C:\Users\BmanCoolio\Downloads\FRST.txt
2015-03-16 13:00 - 2015-03-16 13:01 - 00034546 _____ () C:\Users\BmanCoolio\Downloads\Addition.txt
2015-03-16 12:58 - 2015-03-16 14:55 - 00000000 ____D () C:\FRST
2015-03-16 12:57 - 2015-03-16 12:57 - 02095616 _____ (Farbar) C:\Users\BmanCoolio\Downloads\FRST64.exe
2015-03-16 06:11 - 2015-03-16 14:19 - 00014120 _____ () C:\Windows\PFRO.log
2015-03-16 06:11 - 2015-03-16 14:19 - 00000112 _____ () C:\Windows\setupact.log
2015-03-16 06:11 - 2015-03-16 06:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 23:57 - 2015-03-16 06:09 - 00000000 ____D () C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}
2015-03-15 23:53 - 2015-03-15 23:53 - 79310088 _____ () C:\Users\BmanCoolio\Downloads\7zip-setup.exe
2015-03-15 23:45 - 2015-03-15 23:45 - 00867785 _____ () C:\Users\BmanCoolio\Downloads\zsnesw151.zip
2015-03-15 23:34 - 2015-03-15 23:34 - 00004029 _____ () C:\Users\BmanCoolio\Desktop\pcsxr - Shortcut.lnk
2015-03-15 23:11 - 2015-03-15 23:12 - 00000000 ____D () C:\Users\BmanCoolio\Documents\PSX
2015-03-15 22:35 - 2015-03-15 23:07 - 368818216 _____ () C:\Users\BmanCoolio\Downloads\street_fighter_alpha_2.zip
2015-03-15 22:23 - 2015-03-15 22:23 - 01463630 _____ () C:\Users\BmanCoolio\Downloads\snes9x-1.53-win32.zip
2015-03-15 22:21 - 2015-03-15 22:21 - 00858978 _____ () C:\Users\BmanCoolio\Downloads\pcsxr-1.9.93-win32.zip
2015-03-15 22:20 - 2015-03-15 22:21 - 00779000 _____ (App installer ) C:\Users\BmanCoolio\Downloads\FileOpener_Setup.exe
2015-03-15 21:07 - 2015-03-15 21:07 - 00000993 _____ () C:\Users\BmanCoolio\Desktop\Fusion - Shortcut.lnk
2015-03-15 20:25 - 2015-03-15 21:08 - 00000000 ____D () C:\Users\BmanCoolio\Documents\Kega
2015-03-13 17:12 - 2015-03-13 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 17:52 - 2015-03-06 17:52 - 00000632 _____ () C:\Windows\CoD.INI
2015-02-28 12:45 - 2015-02-28 12:45 - 00000289 _____ () C:\Users\BmanCoolio\Desktop\PainterArtist.com.URL
2015-02-28 12:43 - 2015-02-28 12:43 - 00000236 _____ () C:\Users\BmanCoolio\Desktop\Designer Today.URL
2015-02-15 23:59 - 2015-02-15 23:59 - 00000000 ____D () C:\Windows\CheckSur
2015-02-15 20:22 - 2015-02-15 20:23 - 00000000 ____D () C:\6d7404655f1b0b9d395a2657b54d
2015-02-14 12:43 - 2015-02-21 19:45 - 00000000 ___DC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-14 12:42 - 2015-02-14 13:13 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-14 00:14 - 2015-02-14 14:59 - 00000000 ____D () C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
2015-02-14 00:14 - 2015-02-14 08:23 - 00000000 ____D () C:\Users\BmanCoolio\.frostwire5
2015-02-14 00:14 - 2015-02-14 00:15 - 00000000 ____D () C:\Users\BmanCoolio\FrostWire
2015-02-14 00:13 - 2015-02-14 14:59 - 00000000 ____D () C:\Program Files (x86)\FrostWire

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 14:28 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 14:28 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 14:27 - 2014-10-22 09:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 14:25 - 2012-07-15 14:38 - 01853392 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 14:25 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 14:21 - 2012-07-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-16 14:20 - 2015-02-07 09:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 14:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 14:05 - 2012-07-15 14:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 14:00 - 2015-02-07 09:54 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 12:14 - 2015-02-12 04:29 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-16 06:27 - 2015-02-07 11:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-16 06:11 - 2014-10-25 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-16 06:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-03-16 00:31 - 2014-08-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-13 17:02 - 2015-02-07 10:00 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 16:46 - 2014-10-25 10:29 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414247339
2015-03-13 16:46 - 2014-10-25 10:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-13 16:40 - 2014-06-25 16:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-06 17:54 - 2014-08-03 03:50 - 00000000 ____D () C:\Program Files (x86)\Call of Duty Game of the Year Edition
2015-03-01 04:12 - 2014-11-03 23:39 - 00000221 _____ () C:\Users\BmanCoolio\Desktop\Vectips.com.URL
2015-02-24 04:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 05:05 - 2014-03-29 21:02 - 00000000 ____D () C:\Users\BmanCoolio
2015-02-21 19:47 - 2014-06-27 04:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-21 19:45 - 2015-02-11 20:03 - 00000000 ____D () C:\SFA
2015-02-21 19:45 - 2014-11-17 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-21 19:45 - 2014-11-17 18:22 - 00000000 ____D () C:\ProgramData\Protexis64
2015-02-21 19:45 - 2014-10-25 09:27 - 00000000 ____D () C:\Program Files (x86)\Aurora
2015-02-21 19:45 - 2014-10-25 05:27 - 00000000 ____D () C:\Program Files (x86)\Aurora.bak
2015-02-21 19:45 - 2014-10-22 10:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-21 19:45 - 2014-08-03 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2015-02-21 19:45 - 2014-07-16 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-21 19:45 - 2014-06-27 16:05 - 00000000 ____D () C:\Program Files\My Dell
2015-02-21 19:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-21 19:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-02-21 19:37 - 2014-06-27 16:04 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-21 19:37 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\BmanCoolio\AppData\Roaming\Adobe
2015-02-21 19:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-21 19:36 - 2014-07-01 08:11 - 00000000 __RHD () C:\MSOCache
2015-02-15 19:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-15 18:21 - 2014-06-27 04:46 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-01-16 14:59 - 2015-01-16 14:59 - 0047465 _____ () C:\Users\BmanCoolio\AppData\Roaming\default.rss
2014-07-03 17:39 - 2014-07-03 17:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-30 13:57 - 2014-10-30 22:53 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 13:34

==================== End Of Log ============================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by BmanCoolio at 2015-03-16 14:55:34
Running from C:\Users\BmanCoolio\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty Game of the Year Edition (HKLM-x32\...\Call of Duty Game of the Year Edition) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.0.704 - Corel Corporation)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.215 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.18 - Creative Technology Ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0a2 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{dec524d7-1fa0-49f3-bf43-ddb9d68d7e61}) (Version:  - Nero AG)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.17 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.199 - McAfee, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.11500.11.105 - Nero AG) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-02-2015 19:33:54 Restore Operation
01-03-2015 01:00:02 Scheduled Checkpoint
01-03-2015 04:59:21 Windows Update
12-03-2015 19:36:28 Scheduled Checkpoint
16-03-2015 03:15:08 Windows Update
16-03-2015 05:39:27 Removed UpdateAdmin

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2617E19A-BCB4-4C59-82D3-906E8077C344} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {282667DE-CF4E-42DA-9118-9AA188688CE6} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {342CC23F-113B-4C67-B121-735A97EE1FCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4CB36AC4-DDA3-40F1-AE5D-3C706F9C68E9} - System32\Tasks\Opera scheduled Autoupdate 1414247339 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-10] (Opera Software)
Task: {541723CB-9C19-4B18-AF46-751090356C29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {647A12DC-7799-4463-A71A-3EFE9262E12E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {6556E0E0-4C0D-4795-B01A-61F064BFCA91} - System32\Tasks\{BB3ACAA4-66A0-4E58-AFE4-EDC061383A20} => pcalua.exe -a C:\MOHPA\setup\setup.exe -d C:\MOHPA\setup
Task: {72B2E2DE-8D1B-41EF-B090-D6A2E3CD9B63} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {81286D6C-9E18-4309-92C7-A0A3053CF235} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {8436347B-8837-4EAF-B6E4-A039D67E5DE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8B308D4D-5587-49EA-862A-41C35C025527} - System32\Tasks\{DDA48F07-B2EF-4519-B7FA-173CA5AA2C3A} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {A89B914C-FFAF-4631-BC02-C2C287E36C49} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {B5F6DE02-0CCD-4D14-9A6B-0EF9E57DD28B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {C3335E9D-54AA-4294-BAE7-FDB009E5660E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {CC601E89-8F1C-4DB6-9BDE-1CAF2B250883} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {CD8802E4-B1BE-4058-BE9C-54DA8C30F15E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E746F981-EBDC-4845-A164-513788D781CC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-06-26 22:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-07-15 15:10 - 2012-01-26 22:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-23 12:31 - 2014-10-23 12:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-07-15 14:56 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-15 14:59 - 2012-01-20 12:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-794987168-578894477-3975257818-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^BmanCoolio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^BmanCoolio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EC8FA8E2C6B80317444F2FCA3A07BB3F => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\BmanCoolio\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\BmanCoolio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Accounts: =============================

Administrator (S-1-5-21-794987168-578894477-3975257818-500 - Administrator - Disabled)
BmanCoolio (S-1-5-21-794987168-578894477-3975257818-1000 - Administrator - Enabled) => C:\Users\BmanCoolio
Guest (S-1-5-21-794987168-578894477-3975257818-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-794987168-578894477-3975257818-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 02:23:19 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (03/16/2015 02:21:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 02:13:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.1.5542, time stamp: 0x54f851c0
Faulting module name: mozalloc.dll, version: 36.0.1.5542, time stamp: 0x54f8437e
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x113c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/16/2015 09:13:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (03/16/2015 07:09:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsxr.exe, version: 1.0.0.1, time stamp: 0x521d1919
Faulting module name: DFSound.dll_unloaded, version: 0.0.0.0, time stamp: 0x521bde2a
Exception code: 0xc0000005
Fault offset: 0x03647560
Faulting process id: 0x19cc
Faulting application start time: 0xpcsxr.exe0
Faulting application path: pcsxr.exe1
Faulting module path: pcsxr.exe2
Report Id: pcsxr.exe3

Error: (03/16/2015 07:06:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsxr.exe, version: 1.0.0.1, time stamp: 0x521d1919
Faulting module name: DFSound.dll_unloaded, version: 0.0.0.0, time stamp: 0x521bde2a
Exception code: 0xc0000005
Fault offset: 0x03547560
Faulting process id: 0x1560
Faulting application start time: 0xpcsxr.exe0
Faulting application path: pcsxr.exe1
Faulting module path: pcsxr.exe2
Report Id: pcsxr.exe3

Error: (03/16/2015 07:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsxr.exe, version: 1.0.0.1, time stamp: 0x521d1919
Faulting module name: PadSSSPSX.dll_unloaded, version: 0.0.0.0, time stamp: 0x521be066
Exception code: 0xc0000005
Fault offset: 0x00242e50
Faulting process id: 0x464
Faulting application start time: 0xpcsxr.exe0
Faulting application path: pcsxr.exe1
Faulting module path: pcsxr.exe2
Report Id: pcsxr.exe3

Error: (03/16/2015 06:15:43 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (03/16/2015 06:12:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 06:12:26 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/16/2015 02:25:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 02:21:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 02:20:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 02:19:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/16/2015 02:18:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/16/2015 02:18:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/16/2015 02:18:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/16/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2015 02:18:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2015 02:18:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/14/2015 10:15:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 972 seconds with 960 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8063.41 MB
Available physical RAM: 6098.64 MB
Total Pagefile: 16125 MB
Available Pagefile: 13907.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:868.83 GB) (Free:780.82 GB) NTFS
Drive g: (Projects) (Fixed) (Total:48.83 GB) (Free:48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D9478200)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=868.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

==================== End Of Log ============================



#6 deeprybka

  • Malware Response Team

Posted 16 March 2015 - 02:14 PM

Let's do a final check up:

Step 1


Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 OrangeDragon80

  • Topic Starter

Posted 16 March 2015 - 02:40 PM

Here's my HitmanPro log file:

 

HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : JERLANDO80
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : JERLANDO80\BmanCoolio
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-16 15:32:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 70
   Traces  . . . . . . . : 74

   Objects scanned . . . : 1,366,258
   Files scanned . . . . : 28,183
   Remnants scanned  . . : 302,033 files / 1,036,042 keys

Malware _____________________________________________________________________

   C:\Windows\Temp\optsetup.exe
      Size . . . . . . . : 5,859,152 bytes
      Age  . . . . . . . : 0.6 days (2015-03-15 23:57:39)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 382583788E8161155D50AF5F916ABEAEEA18AFDA9314A445FB01C41B5F460E4C
      Product  . . . . . : Optimizer Pro 3.2                                           
      Publisher  . . . . : PCUtilities Software Limited                                
      Description  . . . : Optimizer PRO – Clean up your PC                            
      Version  . . . . . : 3.3.1.7
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Kaspersky  . . . . : Trojan.Win32.Inject.unuf
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -0.7s C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Cookies\QNF6PWAE.txt
         -0.7s C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}\
         -0.5s C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}\OptimizerPro.dat
         -0.1s C:\AdwCleaner\Quarantine\C\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro.lnk.vir
          0.0s C:\WINDOWS\Temp\optsetup.exe
          0.0s C:\WINDOWS\Temp\optsetup.exe
          0.0s C:\WINDOWS\Temp\optsetup.exe


Suspicious files ____________________________________________________________

   C:\Users\BmanCoolio\Downloads\FRST64.exe
      Size . . . . . . . : 2,095,616 bytes
      Age  . . . . . . . : 0.1 days (2015-03-16 12:57:22)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Malware remnants ____________________________________________________________

   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)

Potential Unwanted Programs _________________________________________________

   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

Cookies _____________________________________________________________________

   C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\cookies.sqlite:casalemedia.com
 

#8 deeprybka


Posted 16 March 2015 - 04:36 PM

Ok...


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 OrangeDragon80


Posted 16 March 2015 - 05:31 PM

Finally, here is my ESET online scanner log file:  Sorry for the delay.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b981e60f1aeb56488a8708724b24827b
# engine=22935
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-16 10:23:38
# local_time=2015-03-16 06:23:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5123 16777214 88 100 11535462 188411596 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 178088068 0 0
# scanned=200483
# found=6
# cleaned=0
# scan_time=4327
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=DF0765B860F93B7B2BAECDB8FDEA3548ECFD0A4F ft=1 fh=2849404541389ad3 vn="a variant of Win32/DownloadAdmin.I potentially unwanted application" ac=I fn="C:\Users\BmanCoolio\Downloads\7zip-setup.exe"
sh=5C2D4AB671C97B91C72612421AD96C0CA8CCF286 ft=1 fh=4452d1b39f9b205a vn="a variant of Win32/InstallCore.XM potentially unwanted application" ac=I fn="C:\Users\BmanCoolio\Downloads\FileOpener_Setup.exe"
sh=AC4E64C18F0FDFDD36D7972E17A7D65445288514 ft=1 fh=ec512804b1a15b73 vn="a variant of Win32/InstallCore.XC potentially unwanted application" ac=I fn="C:\WINDOWS\Temp\ICReinstall_CR_Downloader_for_gens.exe"
sh=2ECF89E045FE44CB3D4C549D2BA4D3F530B7D2CA ft=1 fh=b71ec981fdc82ac5 vn="multiple threats" ac=I fn="C:\WINDOWS\Temp\optsetup.exe"

 

Just in case, here is my Hitman Pro log again:

 

HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : JERLANDO80
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : JERLANDO80\BmanCoolio
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-16 15:32:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 70
   Traces  . . . . . . . : 74

   Objects scanned . . . : 1,366,258
   Files scanned . . . . : 28,183
   Remnants scanned  . . : 302,033 files / 1,036,042 keys

Malware _____________________________________________________________________

   C:\Windows\Temp\optsetup.exe
      Size . . . . . . . : 5,859,152 bytes
      Age  . . . . . . . : 0.6 days (2015-03-15 23:57:39)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 382583788E8161155D50AF5F916ABEAEEA18AFDA9314A445FB01C41B5F460E4C
      Product  . . . . . : Optimizer Pro 3.2                                           
      Publisher  . . . . : PCUtilities Software Limited                                
      Description  . . . : Optimizer PRO – Clean up your PC                            
      Version  . . . . . : 3.3.1.7
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Kaspersky  . . . . : Trojan.Win32.Inject.unuf
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -0.7s C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Cookies\QNF6PWAE.txt
         -0.7s C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}\
         -0.5s C:\ProgramData\{3a1eceee-8c3e-8f4f-3a1e-eceee8c33bba}\OptimizerPro.dat
         -0.1s C:\AdwCleaner\Quarantine\C\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro.lnk.vir
          0.0s C:\WINDOWS\Temp\optsetup.exe
          0.0s C:\WINDOWS\Temp\optsetup.exe
          0.0s C:\WINDOWS\Temp\optsetup.exe


Suspicious files ____________________________________________________________

   C:\Users\BmanCoolio\Downloads\FRST64.exe
      Size . . . . . . . : 2,095,616 bytes
      Age  . . . . . . . : 0.1 days (2015-03-16 12:57:22)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Malware remnants ____________________________________________________________


Potential Unwanted Programs _________________________________________________

   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

Cookies _____________________________________________________________________

   C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\cookies.sqlite:casalemedia.com


 

Edited by OrangeDragon80, 16 March 2015 - 05:32 PM.


#10 deeprybka


Posted 17 March 2015 - 03:46 AM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> No Name - {BEE84524-0CA6-42F9-AA8B-44B42E6DA651} -  No File
    Task: {81286D6C-9E18-4309-92C7-A0A3053CF235} - \TidyNetwork Update No Task File <==== ATTENTION
    HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
    [-HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
    [-HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}]
    [-HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}]
    [-HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}]
    [-HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}]
    [-HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
    [-HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}]
    [-HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}]
    [-HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}]
    [-HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
    [-HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
    [-HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
    [-HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
    [-HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
    [-HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}]
    [-HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}]
    [-HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}]
    [-HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}]
    [-HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
    [-HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
    [-HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
    [-HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
    [-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}]
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it to your reply.

Edited by deeprybka, 17 March 2015 - 03:46 AM.

regards,
deeprybka

#11 OrangeDragon80


Posted 17 March 2015 - 04:29 PM

Thanks for everything. You guys rock.

 

Here's my Fixlog.txt file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by BmanCoolio at 2015-03-17 17:04:53 Run:1
Running from C:\Users\BmanCoolio\Downloads
Loaded Profiles: BmanCoolio (Available profiles: BmanCoolio)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> No Name - {BEE84524-0CA6-42F9-AA8B-44B42E6DA651} -  No File
Task: {81286D6C-9E18-4309-92C7-A0A3053CF235} - \TidyNetwork Update No Task File <==== ATTENTION
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
[-HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[-HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
[-HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}]
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BEE84524-0CA6-42F9-AA8B-44B42E6DA651} => value deleted successfully.
HKCR\CLSID\{BEE84524-0CA6-42F9-AA8B-44B42E6DA651} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81286D6C-9E18-4309-92C7-A0A3053CF235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81286D6C-9E18-4309-92C7-A0A3053CF235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} => Key not found.
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4} => Key not found.
HKU\S-1-5-21-794987168-578894477-3975257818-1000_Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000} => Key not found.
EmptyTemp: => Removed 48.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:08:49 ====



#12 deeprybka

  • Malware Response Team

Posted 17 March 2015 - 04:52 PM

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 OrangeDragon80

  • Topic Starter

Posted 18 March 2015 - 12:24 AM

Here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by BmanCoolio (administrator) on JERLANDO80 on 18-03-2015 01:18:29
Running from C:\Users\BmanCoolio\Downloads
Loaded Profiles: BmanCoolio (Available profiles: BmanCoolio)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\WINDOWS\SysWOW64\PSIService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Run: [GoogleChromeAutoLaunch_EC8FA8E2C6B80317444F2FCA3A07BB3F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Run: [DellSystemDetect] => C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-12] (Dell)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-794987168-578894477-3975257818-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D2716C32-A323-4027-8210-1EDE5C8EECDC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D2716C32-A323-4027-8210-1EDE5C8EECDC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {25F75212-B957-484D-9E00-FA47653A4095} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11047
SearchScopes: HKU\S-1-5-21-794987168-578894477-3975257818-1000 -> {5275A818-60FB-45CF-A345-CF7322BFD64C} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140713&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2014-09-04] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-09-04] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445
FF NewTab:
FF DefaultSearchEngine: Yahoo:
FF DefaultSearchEngine.US: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://techcrunch.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-09-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-09-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-794987168-578894477-3975257818-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF SearchPlugin: C:\Users\BmanCoolio\AppData\Roaming\Mozilla\Firefox\Profiles\dc2e3no3.default-1414593443445\searchplugins\yahoo-1.xml [2015-03-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-06-25]
FF HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.dexigner.com/
CHR StartupUrls: Default -> "hxxp://www.techcrunch.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US0D20140713&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (SiteAdvisor) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\BmanCoolio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]

Opera:
=======
OPR StartupUrls: "hxxp://techcrunch.com/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-11-17] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-03-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-27] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-04-27] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 16:49 - 2015-03-17 17:10 - 00000112 _____ () C:\Windows\setupact.log
2015-03-17 16:49 - 2015-03-17 16:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-16 20:55 - 2015-03-16 20:55 - 00017288 _____ () C:\Windows\system32\.crusader
2015-03-16 17:04 - 2015-03-16 17:04 - 02347384 _____ (ESET) C:\Users\BmanCoolio\Downloads\esetsmartinstaller_enu.exe
2015-03-16 15:37 - 2015-03-16 17:04 - 00023292 _____ () C:\Users\BmanCoolio\Downloads\HitmanPro_20150316_1537.log
2015-03-16 15:31 - 2015-03-16 20:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-16 15:29 - 2015-03-16 15:30 - 10995632 _____ (SurfRight B.V.) C:\Users\BmanCoolio\Downloads\HitmanPro_x64.exe
2015-03-16 14:46 - 2015-03-16 14:46 - 00001053 _____ () C:\Users\BmanCoolio\Downloads\MWbites.txt
2015-03-16 14:23 - 2015-03-16 15:04 - 00004287 _____ () C:\Users\BmanCoolio\Downloads\AdwCleaner[S0].txt
2015-03-16 14:13 - 2015-03-16 14:18 - 00000000 ____D () C:\AdwCleaner
2015-03-16 14:12 - 2015-03-16 14:12 - 02171392 _____ () C:\Users\BmanCoolio\Downloads\AdwCleaner.exe
2015-03-16 13:00 - 2015-03-18 01:19 - 00019938 _____ () C:\Users\BmanCoolio\Downloads\FRST.txt
2015-03-16 13:00 - 2015-03-16 14:57 - 00034784 _____ () C:\Users\BmanCoolio\Downloads\Addition.txt
2015-03-16 12:58 - 2015-03-18 01:18 - 00000000 ____D () C:\FRST
2015-03-16 12:57 - 2015-03-16 12:57 - 02095616 _____ (Farbar) C:\Users\BmanCoolio\Downloads\FRST64.exe
2015-03-15 23:53 - 2015-03-15 23:53 - 79310088 _____ () C:\Users\BmanCoolio\Downloads\7zip-setup.exe
2015-03-15 23:34 - 2015-03-15 23:34 - 00004029 _____ () C:\Users\BmanCoolio\Desktop\pcsxr - Shortcut.lnk
2015-03-15 23:11 - 2015-03-15 23:12 - 00000000 ____D () C:\Users\BmanCoolio\Documents\PSX
2015-03-15 22:20 - 2015-03-15 22:21 - 00779000 _____ (App installer ) C:\Users\BmanCoolio\Downloads\FileOpener_Setup.exe
2015-03-15 21:07 - 2015-03-15 21:07 - 00000993 _____ () C:\Users\BmanCoolio\Desktop\Fusion - Shortcut.lnk
2015-03-15 20:25 - 2015-03-15 21:08 - 00000000 ____D () C:\Users\BmanCoolio\Documents\Kega
2015-03-13 17:12 - 2015-03-13 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 17:52 - 2015-03-06 17:52 - 00000632 _____ () C:\Windows\CoD.INI
2015-02-28 12:45 - 2015-02-28 12:45 - 00000289 _____ () C:\Users\BmanCoolio\Desktop\PainterArtist.com.URL
2015-02-28 12:43 - 2015-02-28 12:43 - 00000236 _____ () C:\Users\BmanCoolio\Desktop\Designer Today.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 01:16 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 01:05 - 2012-07-15 14:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 00:59 - 2015-02-07 09:54 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 17:17 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 17:17 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 17:15 - 2012-07-15 14:38 - 01894288 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 17:11 - 2015-02-07 09:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 17:11 - 2012-07-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-17 17:10 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 21:10 - 2014-08-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-16 14:27 - 2014-10-22 09:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 12:14 - 2015-02-12 04:29 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-16 06:27 - 2015-02-07 11:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-16 06:11 - 2014-10-25 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-16 06:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-03-13 17:02 - 2015-02-07 10:00 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 16:46 - 2014-10-25 10:29 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414247339
2015-03-13 16:46 - 2014-10-25 10:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-13 16:40 - 2014-06-25 16:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-06 17:54 - 2014-08-03 03:50 - 00000000 ____D () C:\Program Files (x86)\Call of Duty Game of the Year Edition
2015-03-01 04:12 - 2014-11-03 23:39 - 00000221 _____ () C:\Users\BmanCoolio\Desktop\Vectips.com.URL
2015-02-24 04:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 05:05 - 2014-03-29 21:02 - 00000000 ____D () C:\Users\BmanCoolio
2015-02-21 19:47 - 2014-06-27 04:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-21 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-21 19:45 - 2015-02-11 20:03 - 00000000 ____D () C:\SFA
2015-02-21 19:45 - 2014-11-17 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-21 19:45 - 2014-11-17 18:22 - 00000000 ____D () C:\ProgramData\Protexis64
2015-02-21 19:45 - 2014-10-25 09:27 - 00000000 ____D () C:\Program Files (x86)\Aurora
2015-02-21 19:45 - 2014-10-25 05:27 - 00000000 ____D () C:\Program Files (x86)\Aurora.bak
2015-02-21 19:45 - 2014-10-22 10:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-21 19:45 - 2014-08-03 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2015-02-21 19:45 - 2014-07-16 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-21 19:45 - 2014-06-27 16:05 - 00000000 ____D () C:\Program Files\My Dell
2015-02-21 19:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-21 19:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-02-21 19:37 - 2014-06-27 16:04 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-21 19:37 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\BmanCoolio\AppData\Roaming\Adobe
2015-02-21 19:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-21 19:36 - 2014-07-01 08:11 - 00000000 __RHD () C:\MSOCache

==================== Files in the root of some directories =======

2015-01-16 14:59 - 2015-01-16 14:59 - 0047465 _____ () C:\Users\BmanCoolio\AppData\Roaming\default.rss
2014-07-03 17:39 - 2014-07-03 17:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-30 13:57 - 2014-10-30 22:53 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 13:34

==================== End Of Log ============================

Here is the addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by BmanCoolio at 2015-03-18 01:19:25
Running from C:\Users\BmanCoolio\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty Game of the Year Edition (HKLM-x32\...\Call of Duty Game of the Year Edition) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.0.704 - Corel Corporation)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.215 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.18 - Creative Technology Ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0a2 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{dec524d7-1fa0-49f3-bf43-ddb9d68d7e61}) (Version:  - Nero AG)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.17 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.199 - McAfee, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-794987168-578894477-3975257818-1000\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.11500.11.105 - Nero AG) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-03-2015 01:00:02 Scheduled Checkpoint
01-03-2015 04:59:21 Windows Update
12-03-2015 19:36:28 Scheduled Checkpoint
16-03-2015 03:15:08 Windows Update
16-03-2015 05:39:27 Removed UpdateAdmin
16-03-2015 20:53:50 Checkpoint by HitmanPro
16-03-2015 20:55:02 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2617E19A-BCB4-4C59-82D3-906E8077C344} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {282667DE-CF4E-42DA-9118-9AA188688CE6} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {342CC23F-113B-4C67-B121-735A97EE1FCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4CB36AC4-DDA3-40F1-AE5D-3C706F9C68E9} - System32\Tasks\Opera scheduled Autoupdate 1414247339 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-10] (Opera Software)
Task: {541723CB-9C19-4B18-AF46-751090356C29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {647A12DC-7799-4463-A71A-3EFE9262E12E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {6556E0E0-4C0D-4795-B01A-61F064BFCA91} - System32\Tasks\{BB3ACAA4-66A0-4E58-AFE4-EDC061383A20} => pcalua.exe -a C:\MOHPA\setup\setup.exe -d C:\MOHPA\setup
Task: {72B2E2DE-8D1B-41EF-B090-D6A2E3CD9B63} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {8436347B-8837-4EAF-B6E4-A039D67E5DE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8B308D4D-5587-49EA-862A-41C35C025527} - System32\Tasks\{DDA48F07-B2EF-4519-B7FA-173CA5AA2C3A} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {A89B914C-FFAF-4631-BC02-C2C287E36C49} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {B5F6DE02-0CCD-4D14-9A6B-0EF9E57DD28B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {C3335E9D-54AA-4294-BAE7-FDB009E5660E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {CC601E89-8F1C-4DB6-9BDE-1CAF2B250883} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {CD8802E4-B1BE-4058-BE9C-54DA8C30F15E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E746F981-EBDC-4845-A164-513788D781CC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-06-26 22:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-07-15 15:10 - 2012-01-26 22:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-23 12:31 - 2014-10-23 12:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-07-15 14:56 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-15 14:59 - 2012-01-20 12:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-794987168-578894477-3975257818-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BmanCoolio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^BmanCoolio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^BmanCoolio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\BmanCoolio\AppData\Local\Apps\2.0\EBX19CN3.JNY\5AP7D5JX.6BP\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EC8FA8E2C6B80317444F2FCA3A07BB3F => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\BmanCoolio\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\BmanCoolio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Accounts: =============================

Administrator (S-1-5-21-794987168-578894477-3975257818-500 - Administrator - Disabled)
BmanCoolio (S-1-5-21-794987168-578894477-3975257818-1000 - Administrator - Enabled) => C:\Users\BmanCoolio
Guest (S-1-5-21-794987168-578894477-3975257818-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-794987168-578894477-3975257818-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 00:46:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/18/2015 00:46:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/17/2015 11:30:30 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (03/17/2015 06:26:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/17/2015 06:24:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/17/2015 05:12:48 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (03/17/2015 05:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 04:53:48 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (03/17/2015 04:51:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 09:00:00 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1


System errors:
=============
Error: (03/18/2015 01:16:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/17/2015 11:01:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/17/2015 05:26:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/17/2015 05:11:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/17/2015 05:10:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (03/17/2015 05:09:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/17/2015 05:09:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/17/2015 05:09:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/17/2015 05:05:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (03/17/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/14/2015 10:15:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 972 seconds with 960 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8063.41 MB
Available physical RAM: 6053.04 MB
Total Pagefile: 16125 MB
Available Pagefile: 13868.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:868.83 GB) (Free:782.65 GB) NTFS
Drive g: (Projects) (Fixed) (Total:48.83 GB) (Free:48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D9478200)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=868.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

==================== End Of Log ============================



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:04 PM

Posted 18 March 2015 - 03:46 AM

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or appreciate the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Flash Player 16 PPAPI

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:04 PM

Posted 20 March 2015 - 04:44 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



