
Programs installing on their own, website redirects, etc


  • This topic is locked
29 replies to this topic

#1 SupDoodz

Posted 27 April 2015 - 06:10 PM

I keep having random programs install themselves on my computer. I've run Malwarebytes many times, but it hasn't gotten rid of the source, although it keeps finding things to remove. Websites are not currently redirecting, so I don't have any examples to give. TIA FOR THE HELP!! Below are my logs from FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Dustin at 2015-04-27 17:58:54
Running from C:\Users\Dustin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4109178945-1565091869-1535269173-500 - Administrator - Disabled)
Dustin (S-1-5-21-4109178945-1565091869-1535269173-1001 - Administrator - Enabled) => C:\Users\Dustin
Guest (S-1-5-21-4109178945-1565091869-1535269173-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4109178945-1565091869-1535269173-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.5.2171.95 - The Crossbrowse Authors) <==== ATTENTION!
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Ninja Loader (HKLM-x32\...\Ninja Loader) (Version: 157.0.0.1703 - CLICK YES BELOW LP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PE-DESIGN Ver.6 (HKLM-x32\...\{B202B201-5D15-4CA7-A978-047AB4A28960}) (Version: ANY - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SketchUp 2015 (HKLM-x32\...\{3538F216-5559-4FE0-B235-A8EB46628F07}) (Version: 15.2.687 - Trimble Navigation Limited)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
SystemContinue (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9617fb41}) (Version:  - Software Publisher) <==== ATTENTION
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
11-04-2015 02:39:38 Scheduled Checkpoint
16-04-2015 05:19:35 Windows Update
24-04-2015 03:54:04 Scheduled Checkpoint
26-04-2015 16:52:42 Removed Bonjour
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01CD4DE8-E99A-4E1B-90C1-CD3199D44CCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {04343141-E696-40A6-AB78-2370D5DD4FF0} - System32\Tasks\RLGLJVC => C:\ProgramData\2434a646fe504ea78bc4f632a39b6b2f\2434a646fe504ea78bc4f632a39b6b2f.exe [2015-04-26] ()
Task: {04B03547-B803-40D4-AB10-D527AE1F8D77} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {0F6B455F-146F-4117-B353-EB31CAC670A9} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-04-27] () <==== ATTENTION
Task: {1E466305-4C2E-4CA8-B507-D5E3F863E31B} - \WebBarLaunchTask No Task File <==== ATTENTION
Task: {28ADF611-FCCF-4E82-9A62-82269BC83B05} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333639383831323237302d5a376c5a4a6c573250344141 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {29544232-D7B4-44BB-9505-7EA0E452E1CD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {3078C89D-2C03-469E-A413-8A111E4CCD43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {31CF08BE-7F46-4E3A-9F73-EE5A8D5FF919} - \Web Protector Plus Server No Task File <==== ATTENTION
Task: {33C9C896-8D13-4D05-B9D5-283CAB25502C} - \ObronaCleanerUacSkip No Task File <==== ATTENTION
Task: {373E23B1-AE85-4C6F-AA23-A5AF893AE03C} - System32\Tasks\TCLABJUFHU => C:\ProgramData\d22a273fd9c048468c5b9aad7e6b94dd\d22a273fd9c048468c5b9aad7e6b94dd.exe [2015-03-18] ()
Task: {415C7A90-F715-4083-BDE2-1FAD84BBFF5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {48A49DC4-523C-4C40-8FC7-F88ABDCF161D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {4DFAB575-78D0-4CDF-958A-8DDFF50BBBA6} - \WebBarUpdateTask No Task File <==== ATTENTION
Task: {5566C513-905A-4479-B759-821D973B16CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {61FBFC21-24FE-4433-AB36-CB9C56CA7BB5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {67CD0679-7E13-462E-A8D9-ECF2F65C75FD} - System32\Tasks\JMQVDQZXY1 => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: {69F719BB-C955-4376-927B-B61BF4C46B84} - System32\Tasks\HPCeeScheduleForDustin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6B632A27-AD7E-4BF9-A8FC-13C1E58F3584} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {74D88141-CFB8-4DED-A5D3-4537DBD61899} - System32\Tasks\FEEBSRSBLJ => C:\ProgramData\0f7a91f66753441797bc4566805f0898\0f7a91f66753441797bc4566805f0898.exe [2015-04-17] ()
Task: {7B098793-FEE5-4895-B8E0-A18C96890502} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {81346362-9411-46A3-A820-79BB47604C0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {8868CA27-B516-4A69-BF67-FFB580C1F88C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: {9A25CF6C-0BA8-42F9-8079-CC609D354875} - \Startup Time Check No Task File <==== ATTENTION
Task: {A6AF8714-FBBE-4546-8E8B-C6822C74D8A4} - System32\Tasks\PVYJW => C:\Users\Dustin\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: {B7374BFB-AF9D-4957-AFE1-4FB4725FD666} - \Web Protector Plus No Task File <==== ATTENTION
Task: {B8EAD179-9391-4C1B-A65B-338159A54F65} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {BB9F8267-8DF5-4229-A9ED-B97FC3E5BE7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-26] (Microsoft Corporation)
Task: {BF62ADB2-0A7D-40CA-8340-515ACB795F39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {C40D0EFA-FEB8-4F6A-858C-0C40DBF918EB} - System32\Tasks\Sjmumm8aoDDGvi6 => C:\Users\Dustin\AppData\Roaming\Sjmumm8aoDDGvi6.exe <==== ATTENTION
Task: {CE1C2814-E006-498B-AE8E-640BF0703E9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {EDB56428-33F7-468B-918B-07359B676121} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-26] (Microsoft Corporation)
Task: {F5B201D9-F1A0-45E1-A8D1-825D1E5F4BC3} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: C:\windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForDustin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\JMQVDQZXY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: C:\windows\Tasks\PVYJW.job => C:\Users\Dustin\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: C:\windows\Tasks\Sjmumm8aoDDGvi6.job => C:\Users\Dustin\AppData\Roaming\Sjmumm8aoDDGvi6.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-02-26 07:02 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-26 07:02 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-04-27 04:02 - 2015-04-27 04:02 - 00266240 _____ () C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\nsu174D.tmp
2015-04-26 17:06 - 2015-04-26 17:06 - 00123904 _____ () C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\jnsn6354.tmp
2015-04-17 08:49 - 2015-04-17 08:49 - 00224256 _____ () C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2\jnsc1F7.tmp
2014-10-30 12:50 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-26 07:03 - 2015-02-26 07:03 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-30 12:46 - 2014-03-31 04:56 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-07 14:05 - 2015-04-07 14:05 - 00109160 _____ () C:\Program Files (x86)\Ninja Loader\Modules\Core.dll
2015-04-07 14:05 - 2015-04-07 14:05 - 00058984 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll
2015-04-07 14:06 - 2015-04-07 14:06 - 00041576 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll
2015-04-07 14:04 - 2015-04-07 14:04 - 00039528 _____ () C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll
2015-04-07 14:05 - 2015-04-07 14:05 - 00117352 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll
2015-04-07 14:05 - 2015-04-07 14:05 - 00090728 _____ () C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll
2015-04-07 14:06 - 2015-04-07 14:06 - 00096872 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll
2015-04-07 14:06 - 2015-04-07 14:06 - 00056424 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll
2015-04-27 17:48 - 2015-03-16 13:13 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\libglesv2.dll
2015-04-27 17:48 - 2015-03-16 13:13 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\libegl.dll
2015-04-27 17:48 - 2015-03-16 13:13 - 09002496 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\pdf.dll
2015-04-27 17:48 - 2015-03-16 13:13 - 00896512 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\ffmpegsumo.dll
2015-04-27 17:48 - 2015-03-16 13:13 - 14913352 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\PepperFlash\pepflashplayer.dll
2015-04-27 17:48 - 2015-03-26 09:13 - 01091584 _____ () C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\libglesv2.dll
2015-04-27 17:48 - 2015-03-26 09:13 - 00167936 _____ () C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\libEGL.dll
2015-04-27 17:48 - 2015-03-26 09:39 - 08569856 _____ () C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\pdf.dll
2015-04-27 17:48 - 2015-03-26 09:18 - 00324608 _____ () C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\ppGoogleNaClPluginChrome.dll
2015-04-27 17:48 - 2015-03-26 09:14 - 00880128 _____ () C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\ffmpegsumo.dll
2015-04-27 17:48 - 2014-09-22 23:07 - 14891848 _____ () C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [{0469A2CC-EC66-43C9-8620-5DCC2D27AFF0}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{1ACEE08F-6E58-451A-9925-0910ACE31EFC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{554DA80C-FEA2-462C-80A8-7F40672F500F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{0DF326B0-AA31-4D93-87CC-9E8CDD18C327}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{2A74B549-908E-4B77-B5F6-DD4BC7310FFD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{890F74B5-C5BC-4076-B61A-860AD21DBE70}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E494C721-FC7E-47B4-9CB3-6EB93B07FF21}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{810651A8-7B67-465F-834A-5580C011A136}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A70F90F9-A2BE-47B8-AA62-DBD6BFFBFC3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5004FE96-B31E-44D9-8DB1-A9DAB347ED5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210D000D-0337-4DE8-AF5B-3AE824622781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D5AA9BF-1EE2-4BD0-92A2-EA276E44AC58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{73B7D2BC-96BE-46B7-B50C-394C13008468}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E0AF2AB2-28E8-4C86-9358-9C8A36B37E94}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\nsa1FCE.tmp\CnetInstaller-10257337.exe
FirewallRules: [{75572FD4-4A7F-4900-B08D-E28806A89994}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\nsa1FCE.tmp\CnetInstaller-10257337.exe
FirewallRules: [{408E00B3-6C5C-46CF-AC20-E98291D57DC1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{38852F69-709B-4930-87C1-45D340CE9B8D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D668985C-410F-4C3A-B455-FAB762601371}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{67371F51-5666-4B8D-8F4D-A047D62F4FA7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3901F020-5FED-4807-94A6-EEBCD4D9F51C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4026442F-A269-44EC-B8C4-E6C5DB19C4F9}] => (Allow) C:\Users\Dustin\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{947E7202-F217-4531-84A9-518769A012DF}] => (Allow) C:\Users\Dustin\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{FB79228C-6628-4989-84E5-D11160DA091A}] => (Allow) C:\Users\Dustin\AppData\Roaming\OAS\oas.exe
FirewallRules: [{F8C1FEBD-315B-4F7F-814D-70E43FB8E3A3}] => (Allow) C:\Users\Dustin\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{0CEF0AA6-F05E-4ABB-B400-15DF920463EA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{73F2393C-B255-4755-B7EB-D04DDA9A786E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F340FF1F-6133-44FE-A712-74BD151B6931}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2015 05:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: HOMENE~2.DLL, version: 6.8.721.0, time stamp: 0x542d9bed
Exception code: 0xc0000005
Fault offset: 0x0000000000226ce1
Faulting process id: 0x940
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5
 
Error: (04/27/2015 04:05:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/27/2015 04:05:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SPPD.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary innfd_1_10_0_14.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary cherimoya.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/26/2015 04:34:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000006dfca
Faulting process id: 0x13c8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (04/26/2015 04:22:37 PM) (Source: MsiInstaller) (EventID: 11309) (User: DCBdesktop)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
 
System errors:
=============
Error: (04/27/2015 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2015 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2015 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2015 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2015 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2015 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Home Network service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2015 04:03:25 AM) (Source: DCOM) (EventID: 10010) (User: DCBdesktop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/27/2015 04:02:55 AM) (Source: DCOM) (EventID: 10010) (User: DCBdesktop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/26/2015 05:58:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (04/26/2015 04:45:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Search Protect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/27/2015 05:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeHOMENE~2.DLL6.8.721.0542d9bedc00000050000000000226ce194001d081399691e5a3C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exec:\PROGRA~1\COMMON~1\mcafee\mhn\HOMENE~2.DLL8c4c3dd9-ed2d-11e4-826a-60029221c1a2
 
Error: (04/27/2015 04:05:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
 
Error: (04/27/2015 04:05:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SPPD.
 
System Error:
The system cannot find the file specified.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary innfd_1_10_0_14.
 
System Error:
The system cannot find the file specified.
 
Error: (04/26/2015 04:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary cherimoya.
 
System Error:
The system cannot find the file specified.
 
Error: (04/26/2015 04:34:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2ntdll.dll6.3.9600.17736550f4336c0000005000000000006dfca13c801d08064f1157f6bC:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll0b4bf90d-ec5c-11e4-8267-60029221c1a2
 
Error: (04/26/2015 04:22:37 PM) (Source: MsiInstaller) (EventID: 11309) (User: DCBdesktop)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8097.06 MB
Available physical RAM: 5274.84 MB
Total Pagefile: 9377.06 MB
Available Pagefile: 5511.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:914.58 GB) (Free:871.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.45 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C301D3E)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Dustin (administrator) on DCBDESKTOP on 27-04-2015 17:58:22
Running from C:\Users\Dustin\Desktop
Loaded Profiles: Dustin (Available profiles: Dustin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\nsu174D.tmp
() C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\jnsn6354.tmp
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2\jnsc1F7.tmp
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(CLICK YES BELOW LP) C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Dustin\AppData\Local\Ninja Loader\Discover\Discover.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\...\Run: [NinjaLoader] => C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe [1115752 2015-04-08] (CLICK YES BELOW LP)
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\...\Run: [GoogleChromeAutoLaunch_CB574789FE1F5A856BB89D0FF225B011] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-16] (Crossbrowse)
Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-04-27]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F4Nzbuzdk00CN1,fce1c080-dba6-4563-82aa-be50644f8e30,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4109178945-1565091869-1535269173-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F4Nzbuzdk00CN1,fce1c080-dba6-4563-82aa-be50644f8e30,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4109178945-1565091869-1535269173-1001 -> {625A8E03-8D8A-476B-952E-0E39F1E51ADC} URL = http://www-searching.com/search.aspx?s=F4Nzbuzdk00CN1,fce1c080-dba6-4563-82aa-be50644f8e30,&site=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4109178945-1565091869-1535269173-1001 -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-26] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-26] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-12-21] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-30]
FF HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-04-27]
 
Chrome: 
=======
CHR Profile: C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (YouTube) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Google Search) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Bookmark Manager) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26]
CHR Extension: (Gmail) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
R2 dikyfuje; C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\nsu174D.tmp [266240 2015-04-27] () [File not signed]
R2 fovudyqe; C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\jnsn6354.tmp [123904 2015-04-26] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
R2 kunekiko; C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2\jnsc1F7.tmp [224256 2015-04-17] () [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-04-07] (Ninja Soft Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation                           )
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S1 bsdriver; \??\C:\windows\system32\drivers\bsdriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 17:58 - 2015-04-27 17:58 - 00023974 _____ () C:\Users\Dustin\Desktop\FRST.txt
2015-04-27 17:58 - 2015-04-27 17:58 - 00000000 ____D () C:\FRST
2015-04-27 17:56 - 2015-04-27 17:57 - 02100736 _____ (Farbar) C:\Users\Dustin\Desktop\FRST64.exe
2015-04-27 17:49 - 2015-04-27 17:49 - 00004084 _____ () C:\windows\System32\Tasks\Crossbrowse
2015-04-27 17:49 - 2015-04-27 17:49 - 00002425 _____ () C:\Users\Public\Desktop\Crossbrowse.lnk
2015-04-27 17:49 - 2015-04-27 17:49 - 00001080 _____ () C:\windows\Tasks\Crossbrowse.job
2015-04-27 17:49 - 2015-04-27 17:49 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Crossbrowse
2015-04-27 17:49 - 2015-04-27 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-04-27 17:48 - 2015-04-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-04-27 17:47 - 2015-04-27 17:48 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Ninja Loader
2015-04-27 17:47 - 2015-04-27 17:47 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-27 17:47 - 2015-04-27 17:47 - 00000000 ____D () C:\Program Files (x86)\Ninja Loader
2015-04-26 17:19 - 2015-04-27 17:31 - 00000354 _____ () C:\windows\Tasks\JMQVDQZXY1.job
2015-04-26 17:19 - 2015-04-26 17:19 - 00003566 _____ () C:\windows\System32\Tasks\RLGLJVC
2015-04-26 17:19 - 2015-04-26 17:19 - 00002868 _____ () C:\windows\System32\Tasks\JMQVDQZXY1
2015-04-26 17:19 - 2015-04-26 17:19 - 00000000 ____D () C:\ProgramData\2434a646fe504ea78bc4f632a39b6b2f
2015-04-26 17:18 - 2015-04-26 17:18 - 00000000 ____D () C:\ProgramData\19e2fa6374ec491188adebb934617694
2015-04-26 17:09 - 2015-04-27 17:34 - 00000000 ____D () C:\Users\Dustin\AppData\Local\2E051100-1430068179-11E4-B3D6-60029221C1A2
2015-04-26 17:06 - 2015-04-27 17:42 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2
2015-04-26 17:04 - 2015-04-27 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 17:03 - 2015-04-27 17:31 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 17:03 - 2015-04-27 04:08 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 17:03 - 2015-04-26 17:03 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-26 17:03 - 2015-04-26 17:03 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-26 16:23 - 2015-04-27 17:31 - 00001028 _____ () C:\windows\Tasks\Sjmumm8aoDDGvi6.job
2015-04-26 16:23 - 2015-04-26 16:23 - 00004042 _____ () C:\windows\System32\Tasks\Sjmumm8aoDDGvi6
2015-04-26 16:07 - 2015-04-26 16:07 - 00002008 _____ () C:\windows\SysWOW64\SetupComponents.exe
2015-04-23 09:05 - 2015-04-23 09:05 - 00000000 ____D () C:\Users\Dustin\AppData\Local\CrashRpt
2015-04-17 11:04 - 2015-04-17 11:04 - 00003990 _____ () C:\windows\System32\Tasks\LaunchPreSignup
2015-04-17 10:01 - 2015-04-26 16:07 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-17 09:04 - 2015-04-17 09:04 - 00003566 _____ () C:\windows\System32\Tasks\FEEBSRSBLJ
2015-04-17 09:03 - 2015-04-17 09:03 - 00000000 ____D () C:\ProgramData\0f7a91f66753441797bc4566805f0898
2015-04-17 09:01 - 2015-04-17 09:01 - 00000000 ____D () C:\ProgramData\9ae39b98b99146db8549ce327c24f5c3
2015-04-17 08:52 - 2015-04-25 03:01 - 00000000 ____D () C:\Users\Dustin\AppData\Local\2E051100-1429260733-11E4-B3D6-60029221C1A2
2015-04-17 08:48 - 2015-04-17 08:49 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2
2015-04-17 05:51 - 2015-04-17 05:51 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Mozilla
2015-04-15 03:22 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 03:22 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 03:22 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-04-15 03:22 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-15 03:22 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-04-15 03:22 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 03:22 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2015-04-15 03:22 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-15 03:22 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-15 03:22 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-04-15 03:22 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-04-15 03:22 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-04-15 03:22 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-04-15 03:22 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 03:22 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-04-15 03:22 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-04-15 03:22 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 03:22 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 03:22 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 03:22 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 03:22 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 03:22 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 03:22 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 03:22 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 03:22 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2015-04-15 03:22 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-04-15 03:22 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 03:22 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 03:22 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 03:22 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 03:22 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 03:22 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 03:22 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 03:22 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 03:22 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 03:22 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 03:22 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-15 03:22 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 03:22 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-15 03:22 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-15 03:22 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 03:22 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-15 03:22 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-04-15 03:22 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-15 03:22 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 03:22 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 03:22 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 03:22 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-04-15 03:22 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-04-15 03:22 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-15 03:22 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 03:22 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-15 03:22 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-04-15 03:22 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-15 03:22 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 03:22 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 03:22 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-15 03:22 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-15 03:22 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-15 03:22 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2015-04-15 03:22 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 03:22 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 03:22 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 03:22 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2015-04-10 20:55 - 2015-04-12 21:49 - 00000000 _____ () C:\END
2015-04-05 04:26 - 2015-04-05 04:27 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-05 04:26 - 2015-04-05 04:26 - 00000000 ___SD () C:\windows\SysWOW64\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 17:53 - 2014-12-07 17:06 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4109178945-1565091869-1535269173-1001
2015-04-27 17:46 - 2014-12-07 16:59 - 01738099 _____ () C:\windows\WindowsUpdate.log
2015-04-27 17:36 - 2014-12-07 17:05 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{156BB7AA-9F15-4A13-AE8E-715E1BDEECB7}
2015-04-27 17:36 - 2014-10-30 12:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-04-27 17:33 - 2014-03-18 04:53 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-27 17:31 - 2015-03-18 20:46 - 00001362 _____ () C:\windows\Tasks\PVYJW.job
2015-04-27 17:29 - 2014-03-18 04:44 - 00495388 _____ () C:\windows\PFRO.log
2015-04-27 17:29 - 2013-08-22 09:46 - 00026294 _____ () C:\windows\setupact.log
2015-04-27 17:29 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-27 17:28 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-04-27 17:28 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\ADFS
2015-04-27 04:18 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2015-04-26 20:36 - 2015-03-18 20:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 17:04 - 2014-12-08 19:20 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Google
2015-04-26 17:04 - 2014-12-08 19:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-26 17:03 - 2014-12-08 19:19 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Deployment
2015-04-26 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2015-04-26 17:00 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-26 17:00 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-04-26 16:53 - 2014-10-30 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-04-26 16:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-26 16:12 - 2014-12-16 21:17 - 00003174 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDustin
2015-04-26 16:12 - 2014-12-16 21:17 - 00000358 _____ () C:\windows\Tasks\HPCeeScheduleForDustin.job
2015-04-26 16:10 - 2014-12-07 17:01 - 00001465 _____ () C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 05:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppCompat
2015-04-25 02:49 - 2014-12-10 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-25 02:49 - 2014-12-10 21:41 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-21 19:32 - 2015-03-18 20:33 - 00000045 _____ () C:\user.js
2015-04-21 16:17 - 2014-12-09 18:24 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-18 02:55 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2015-04-17 06:48 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2015-04-16 05:24 - 2014-12-08 20:47 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 05:22 - 2014-12-08 20:47 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-15 03:21 - 2014-12-08 20:09 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2015-04-13 20:08 - 2015-02-25 13:18 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Foxit Software
2015-04-13 19:08 - 2015-03-18 21:00 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\uTorrent
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 19:44 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-04-08 02:54 - 2015-03-18 20:31 - 00000000 ____D () C:\ProgramData\2acc765e00003975
2015-04-06 05:47 - 2015-03-19 17:46 - 00004020 _____ () C:\windows\System32\Tasks\LaunchSignup
2015-04-06 05:47 - 2015-03-19 17:46 - 00001992 _____ () C:\Users\Dustin\Desktop\Sync Folder.lnk
2015-03-28 16:36 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\LiveKernelReports
2015-03-28 16:36 - 2013-08-22 09:44 - 00496320 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-28 16:21 - 2015-03-20 18:20 - 00004766 _____ () C:\Users\Dustin\Desktop\K-STATE PES.pes
 
==================== Files in the root of some directories =======
 
2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Dustin\AppData\Roaming\PVYJW
2015-03-20 06:36 - 2015-03-20 06:36 - 0002113 _____ () C:\Users\Dustin\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Dustin\AppData\Local\Temp\4709.exe
C:\Users\Dustin\AppData\Local\Temp\501.exe
C:\Users\Dustin\AppData\Local\Temp\6304.exe
C:\Users\Dustin\AppData\Local\Temp\CloudBackup1557.exe
C:\Users\Dustin\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Dustin\AppData\Local\Temp\dbjcabfcecac.exe
C:\Users\Dustin\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Dustin\AppData\Local\Temp\jue23F0.exe
C:\Users\Dustin\AppData\Local\Temp\jue625F.exe
C:\Users\Dustin\AppData\Local\Temp\jue99F1.exe
C:\Users\Dustin\AppData\Local\Temp\jueE7D.exe
C:\Users\Dustin\AppData\Local\Temp\mVO59A.exe
C:\Users\Dustin\AppData\Local\Temp\SpOrder.dll
C:\Users\Dustin\AppData\Local\Temp\tu17p84.exe
C:\Users\Dustin\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-19 05:16
 
==================== End Of Log ============================

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:07 AM

Posted 28 April 2015 - 10:52 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Crossbrowse 
    SystemContinue
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware. (NEW VERSION)
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 SupDoodz

SupDoodz
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 29 April 2015 - 06:51 AM

OK, thanks for the help!

 

I tried to uninstall one program that could be unsafe but it won't let me uninstall. I get an error that says:

 

"There was a problem starting 

c:\progra~2\common~1\instal~1\runtime\701\intel32\ctor.dll

The specified module could not be found"

 

Should I continue with Revo Uninstaller anyway?


Edited by SupDoodz, 29 April 2015 - 06:51 AM.


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:07 AM

Posted 29 April 2015 - 11:51 AM

Should I continue with Revo Uninstaller anyway?


Yes, please!
regards,
deeprybka

#5 SupDoodz

SupDoodz
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 29 April 2015 - 05:36 PM

Here are the results from ADWCleaner:

 

# AdwCleaner v4.202 - Logfile created 29/04/2015 at 17:32:44
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Dustin - DCBDESKTOP
# Running from : C:\Users\Dustin\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : bsdriver
[#] Service Deleted : cEOalNemr
[#] Service Deleted : innfd_1_10_0_14

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\NetEngine
Folder Deleted : C:\ProgramData\InstallSightSDK
Folder Deleted : C:\ProgramData\ZaMQuWP
Folder Deleted : C:\ProgramData\2acc765e00003975
Folder Deleted : C:\ProgramData\7447516152144461470
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\system app
Folder Deleted : C:\Program Files (x86)\OLBPre
Folder Deleted : C:\Program Files (x86)\Infonaut_1.10.0.14
Folder Deleted : C:\Program Files (x86)\gmsd_us_503
Folder Deleted : C:\Users\Dustin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Dustin\AppData\Local\gmsd_us_503
Folder Deleted : C:\Users\Dustin\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2
Folder Deleted : C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2
Folder Deleted : C:\Users\Dustin\AppData\Roaming\2E051100-1430346101-11E4-B3D6-60029221C1A2
Folder Deleted : C:\ProgramData\ldplhlpajabalcafpdkilpkheedhpkoa
File Deleted : C:\END
File Deleted : C:\Users\Dustin\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\windows\System32\drivers\innfd_1_10_0_14.sys
File Deleted : C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Dustin\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Dustin\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Dustin\Desktop\Sync Folder.lnk

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : ObronaCleanerUacSkip
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : Startup Time Check
Task Deleted : WebBarLaunchTask
Task Deleted : WebBarUpdateTask
Task Deleted : NetEngine

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Dustin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_503]
Key Deleted : HKLM\SOFTWARE\59a03ebc-97e4-40ff-a344-331b65c0ab8f
Key Deleted : HKLM\SOFTWARE\88c05a26-8825-4cd8-9db8-5576624597d9
Key Deleted : HKLM\SOFTWARE\a2abc33d-eab1-6bf4-77c6-672ca0e9b01f
Key Deleted : HKLM\SOFTWARE\d51aba02-65ce-4f50-8236-3c9bd25bda06
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{625A8E03-8D8A-476B-952E-0E39F1E51ADC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\IGS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_503_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v42.0.2311.90

[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8270 bytes] - [29/04/2015 17:30:49]
AdwCleaner[R1].txt - [8329 bytes] - [29/04/2015 17:32:15]
AdwCleaner[S0].txt - [7836 bytes] - [29/04/2015 17:32:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7895  bytes] ##########



#6 SupDoodz

SupDoodz
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 29 April 2015 - 05:57 PM

Malwarebytes results:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/29/2015
Scan Time: 5:37:55 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.29.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dustin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333733
Time Elapsed: 16 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 31
PUP.Optional.VideoDimmer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDimmer, Quarantined, [9e9cdd9256349d9937d312dde81b02fe], 
PUP.Optional.PastaLeads.A, HKLM\SOFTWARE\PastaLeadsAgent, Quarantined, [a09a026dd6b4bf77648d0cc4ce35d22e], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\shopperz, Quarantined, [f34789e66624ad897380edeab84bbe42], 
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD, Quarantined, [0d2d67087b0f60d6b88c93cca263c53b], 
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION, Quarantined, [0a30caa5dbafa4921937ee71976e48b8], 
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.14, Quarantined, [152526495634f1457af3507906fdd729], 
PUP.Optional.PastaLeads.A, HKLM\SOFTWARE\WOW6432NODE\PastaLeadsAgent, Quarantined, [0436caa54f3ba88ea74afdd3d23139c7], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\shopperz, Quarantined, [162473fcef9b53e319437258d52e8a76], 
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD, Quarantined, [b1895e11fa90e5512a1a1e41b2538e72], 
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\WOW6432NODE\HIGHDEFACTION, Quarantined, [b08ad59a4f3b40f671dffb64a461d729], 
PUP.Optional.PastaLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PastaLeads Client, Quarantined, [4ded87e83654d264d7198e42ef14ed13], 
Rootkit.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarantined, [142697d8dcaef2446ac2c80f847fbe42], 
PUP.Optional.PastaLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pastaleadsupd, Quarantined, [ee4c432cf39775c18c4d5cf8fd08d42c], 
PUP.Optional.PastaLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PastaLUpdd, Quarantined, [1c1ec0af0c7e1f1718dad3fd9172be42], 
PUP.Optional.Shopperz.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\shopperz Updater, Quarantined, [0d2dfc73bad04aec0be7a631748f46ba], 
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSRCC, Quarantined, [de5c2e418dfd81b5adb9e1f8c93ae11f], 
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [221883eced9d68ce523ef7d7ed16d32d], 
PUP.Optional.Crossrider.C, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [bb7f76f92466f442cd7b93cc2fd6738d], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [9e9cc8a7ec9ea98d07891eb051b2bb45], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [0238b9b6365462d4e8a8f3db37cc6898], 
PUP.Optional.Shopperz.A, HKU\S-1-5-21-4109178945-1565091869-1535269173-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [53e7254a305a5dd97b15f8d60102768a], 
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-4109178945-1565091869-1535269173-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ARENAHD, Quarantined, [102a313ee4a693a32a19d28d986dea16], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5081D2D4-1637-404c-B74F-50526718257D}, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9AE7A6AE-162E-44c4-9A2B-A6B4EF19909D}, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9AE7A6AE-162E-44c4-9A2B-A6B4EF19909D}, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep.1, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.jshep, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5081D2D4-1637-404C-B74F-50526718257D}, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}, Quarantined, [a49690df0d7d4aecbe31a173868024dc], 
 
Registry Values: 9
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD|value, 1, Quarantined, [0d2d67087b0f60d6b88c93cca263c53b]
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [0a30caa5dbafa4921937ee71976e48b8]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404c-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, Quarantined, [dc5e85ea4f3b0e28598d6b6ed2311fe1]
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD|value, 1, Quarantined, [b1895e11fa90e5512a1a1e41b2538e72]
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\WOW6432NODE\HIGHDEFACTION|value, 1, Quarantined, [b08ad59a4f3b40f671dffb64a461d729]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404c-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, Quarantined, [f149bdb2c8c26acc5d89dafff90a3bc5]
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSRCC|ImagePath, "C:\Program Files\shopperz\csrcc.exe", Quarantined, [de5c2e418dfd81b5adb9e1f8c93ae11f]
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-4109178945-1565091869-1535269173-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ARENAHD|value, 1, Quarantined, [102a313ee4a693a32a19d28d986dea16]
PUP.Optional.PCTuner.C, HKU\S-1-5-21-4109178945-1565091869-1535269173-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [0e2cb9b64a40bb7b7ad483dcb94c53ad]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 18
PUP.Optional.VideoDimmer.A, C:\ProgramData\VideoDimmer, Quarantined, [9e9cdd9256349d9937d312dde81b02fe], 
PUP.Optional.VideoDimmer, C:\Users\Dustin\AppData\Local\VideoDimmer, Quarantined, [2a10541b1d6da492eecc505e986bd62a], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\libraries, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\resources, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\locale, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\locale\en-US, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\skin, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\defaults, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\defaults\preferences, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\libraries, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\resources, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.PastaLeads.A, C:\ProgramData\PastaLeadsAgent, Quarantined, [5fdb6d02cac061d5153d774c56ad916f], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads, Delete-on-Reboot, [201aafc07119ef474d063b886e956a96], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client, Delete-on-Reboot, [201aafc07119ef474d063b886e956a96], 
 
Files: 58
Rootkit.Agent.A, C:\Windows\System32\drivers\cherimoya.sys, Delete-on-Reboot, [d0006b7ff0dae10fd4ba705bc49256bd], 
PUP.Optional.PreBackup.A, C:\Users\Dustin\AppData\Local\Temp\OnlineBackup.exe, Quarantined, [54e6bab58dfd43f33df81163ff01837d], 
PUP.Optional.PastaLeads.A, C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Delete-on-Reboot, [40fa98d70a80f04670941eb1986be51b], 
PUP.Optional.PastaLeads.A, C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Delete-on-Reboot, [62d81d521b6fde582cd8319ec63d32ce], 
PUP.Optional.BoostSaves.A, C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [97a3402fb7d3072fa1341ac1df24c937], 
PUP.Optional.BoostSaves.A, C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [d06ac1ae8efcd85e944145969a69ff01], 
PUP.Optional.VideoDimmer.A, C:\ProgramData\VideoDimmer\app.dat, Quarantined, [9e9cdd9256349d9937d312dde81b02fe], 
PUP.Optional.VideoDimmer.A, C:\ProgramData\VideoDimmer\data.dat, Quarantined, [9e9cdd9256349d9937d312dde81b02fe], 
PUP.Optional.VideoDimmer.A, C:\ProgramData\VideoDimmer\Uninstall.exe, Quarantined, [9e9cdd9256349d9937d312dde81b02fe], 
PUP.Optional.VideoDimmer.A, C:\ProgramData\VideoDimmer\VideoDimmer.ico, Quarantined, [9e9cdd9256349d9937d312dde81b02fe], 
PUP.Optional.Boost.A, C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [b882511ea8e2a1953ba49063ca39936d], 
PUP.Optional.Boost.A, C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [7bbfea854e3cd066a33c5a99c93af907], 
PUP.Optional.Vitruvian.A, C:\Users\Dustin\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [60da58170c7efc3ae70496bec04518e8], 
PUP.Optional.Vitruvian.A, C:\Users\Dustin\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [77c3026d7a106accde0d55ffc83db54b], 
PUP.Optional.Vitruvian.A, C:\Users\Dustin\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [e753105f1f6b52e453987bd98085956b], 
PUP.Optional.Vitruvian.A, C:\Users\Dustin\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [073388e7484270c6ea0181d309fcf30d], 
PUP.Optional.Vitruvian.A, C:\Users\Dustin\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [b4861857a8e2e84e8962b0a424e145bb], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe, Delete-on-Reboot, [ee4c432cf39775c18c4d5cf8fd08d42c], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys, Quarantined, [1c1ec0af0c7e1f1718dad3fd9172be42], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\nseven.exe, Delete-on-Reboot, [0d2dfc73bad04aec0be7a631748f46ba], 
Rootkit.Agent.A, C:\Program Files\shopperz\csrcc.exe, Delete-on-Reboot, [de5c2e418dfd81b5adb9e1f8c93ae11f], 
PUP.Optional.VideoDimmer, C:\Users\Dustin\AppData\Local\VideoDimmer\data2.dat, Quarantined, [2a10541b1d6da492eecc505e986bd62a], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\csrcc.exe, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\garrus.dll, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\gcpum.dll, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\kasumi32.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\kasumi64.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios64.dll, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\liara.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\liara64.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\mseff32.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\mseff64.dll, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\nfregdrv64.exe, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\prexec.exe, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tree.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tsoni.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tsoni64.dll, Delete-on-Reboot, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\unins000.dat, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\unins000.exe, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome.manifest, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\icon.png, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\install.rdf, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\{5081D2D4-1637-404c-B74F-50526718257D}.xpi, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\main.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\main.xul, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\libraries\DataExchangeScript.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\resources\LocalScript.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\locale\en-US\overlay.dtd, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\skin\overlay.css, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\defaults\preferences\defaults.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\libraries\DataExchangeScript.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\resources\LocalScript.js, Quarantined, [8baf8de2a4e6171ffaa52a9491722bd5], 
PUP.Optional.PastaLeads.A, C:\ProgramData\PastaLeadsAgent\startprocess.js, Quarantined, [5fdb6d02cac061d5153d774c56ad916f], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadsa.exe, Quarantined, [201aafc07119ef474d063b886e956a96], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastali32.dll, Delete-on-Reboot, [201aafc07119ef474d063b886e956a96], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastali64.dll, Delete-on-Reboot, [201aafc07119ef474d063b886e956a96], 
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\uninstall.exe, Quarantined, [201aafc07119ef474d063b886e956a96], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 SupDoodz

Posted 29 April 2015 - 06:00 PM

FRST Log:

 

 
 
LastRegBack: 2015-04-29 05:31
 
==================== End Of Log ============================
 
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Dustin at 2015-04-29 17:59:28
Running from C:\Users\Dustin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4109178945-1565091869-1535269173-500 - Administrator - Disabled)
Dustin (S-1-5-21-4109178945-1565091869-1535269173-1001 - Administrator - Enabled) => C:\Users\Dustin
Guest (S-1-5-21-4109178945-1565091869-1535269173-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4109178945-1565091869-1535269173-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Eppink (HKLM-x32\...\Eppink) (Version: 1.0.0.0 - Eppink)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MyPC Backup  (HKLM-x32\...\OLBPre) (Version:  - MyPC Backup) <==== ATTENTION
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
PE-DESIGN Ver.6 (HKLM-x32\...\{B202B201-5D15-4CA7-A978-047AB4A28960}) (Version: ANY - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
shopperz 2.0.0.458 (HKLM\...\{5081D2D4-1637-404c-B74F-50526718257D}_is1) (Version: 2.0.0.458 - shopperz) <==== ATTENTION
SketchUp 2015 (HKLM-x32\...\{3538F216-5559-4FE0-B235-A8EB46628F07}) (Version: 15.2.687 - Trimble Navigation Limited)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
11-04-2015 02:39:38 Scheduled Checkpoint
16-04-2015 05:19:35 Windows Update
24-04-2015 03:54:04 Scheduled Checkpoint
26-04-2015 16:52:42 Removed Bonjour
29-04-2015 17:26:12 Revo Uninstaller's restore point - SystemContinue
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01CD4DE8-E99A-4E1B-90C1-CD3199D44CCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {04343141-E696-40A6-AB78-2370D5DD4FF0} - System32\Tasks\RLGLJVC => C:\ProgramData\2434a646fe504ea78bc4f632a39b6b2f\2434a646fe504ea78bc4f632a39b6b2f.exe [2015-04-26] ()
Task: {04B03547-B803-40D4-AB10-D527AE1F8D77} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {0B09ECAC-C242-484D-944F-EDB5CD98FDA7} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333639383831323237302d5a376c5a4a6c573250344141 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {29544232-D7B4-44BB-9505-7EA0E452E1CD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {3078C89D-2C03-469E-A413-8A111E4CCD43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {31CF08BE-7F46-4E3A-9F73-EE5A8D5FF919} - \Web Protector Plus Server No Task File <==== ATTENTION
Task: {373E23B1-AE85-4C6F-AA23-A5AF893AE03C} - System32\Tasks\TCLABJUFHU => C:\ProgramData\d22a273fd9c048468c5b9aad7e6b94dd\d22a273fd9c048468c5b9aad7e6b94dd.exe [2015-03-18] ()
Task: {415C7A90-F715-4083-BDE2-1FAD84BBFF5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {48A49DC4-523C-4C40-8FC7-F88ABDCF161D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {5566C513-905A-4479-B759-821D973B16CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {61D402C7-35EB-40AC-9E57-4EC50C8F8C51} - System32\Tasks\HPCeeScheduleForDustin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {61FBFC21-24FE-4433-AB36-CB9C56CA7BB5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {67CD0679-7E13-462E-A8D9-ECF2F65C75FD} - System32\Tasks\JMQVDQZXY1 => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: {6B632A27-AD7E-4BF9-A8FC-13C1E58F3584} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {74D88141-CFB8-4DED-A5D3-4537DBD61899} - System32\Tasks\FEEBSRSBLJ => C:\ProgramData\0f7a91f66753441797bc4566805f0898\0f7a91f66753441797bc4566805f0898.exe [2015-04-17] ()
Task: {81346362-9411-46A3-A820-79BB47604C0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {8B8B964A-B55A-495A-899C-15C8285ABF6A} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {A6AF8714-FBBE-4546-8E8B-C6822C74D8A4} - System32\Tasks\PVYJW => C:\Users\Dustin\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: {B0DD8688-AC40-437F-8164-F1D90EE49A9F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.86\OptProLauncher.exe [2015-04-26] () <==== ATTENTION
Task: {B7374BFB-AF9D-4957-AFE1-4FB4725FD666} - \Web Protector Plus No Task File <==== ATTENTION
Task: {BB9F8267-8DF5-4229-A9ED-B97FC3E5BE7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-26] (Microsoft Corporation)
Task: {BF62ADB2-0A7D-40CA-8340-515ACB795F39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C40D0EFA-FEB8-4F6A-858C-0C40DBF918EB} - System32\Tasks\Sjmumm8aoDDGvi6 => C:\Users\Dustin\AppData\Roaming\Sjmumm8aoDDGvi6.exe <==== ATTENTION
Task: {CE1C2814-E006-498B-AE8E-640BF0703E9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {EDB56428-33F7-468B-918B-07359B676121} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-26] (Microsoft Corporation)
Task: {F6820D68-D15A-441E-85EC-B84BFEE4FD00} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForDustin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\JMQVDQZXY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: C:\windows\Tasks\PVYJW.job => C:\Users\Dustin\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: C:\windows\Tasks\Sjmumm8aoDDGvi6.job => C:\Users\Dustin\AppData\Roaming\Sjmumm8aoDDGvi6.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-02-26 07:02 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-26 07:02 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-10-30 12:50 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-26 07:03 - 2015-02-26 07:03 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-04-29 17:46 - 2015-04-26 11:46 - 00422952 _____ () C:\Program Files (x86)\Optimizer Pro 3.86\OptProSmartScan.exe
2015-04-29 17:46 - 2015-04-26 11:46 - 00892968 _____ () C:\Program Files (x86)\Optimizer Pro 3.86\OptProReminder.exe
2015-04-29 17:46 - 2015-04-29 17:46 - 01792552 _____ () c:\Program Files (x86)\Optimizer Pro 3.86\OptProMon.dll
2015-04-26 17:04 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-26 17:04 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2014-10-30 12:46 - 2014-03-31 04:56 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0469A2CC-EC66-43C9-8620-5DCC2D27AFF0}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{1ACEE08F-6E58-451A-9925-0910ACE31EFC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{554DA80C-FEA2-462C-80A8-7F40672F500F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{0DF326B0-AA31-4D93-87CC-9E8CDD18C327}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{2A74B549-908E-4B77-B5F6-DD4BC7310FFD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{890F74B5-C5BC-4076-B61A-860AD21DBE70}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E494C721-FC7E-47B4-9CB3-6EB93B07FF21}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{810651A8-7B67-465F-834A-5580C011A136}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A70F90F9-A2BE-47B8-AA62-DBD6BFFBFC3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5004FE96-B31E-44D9-8DB1-A9DAB347ED5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210D000D-0337-4DE8-AF5B-3AE824622781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D5AA9BF-1EE2-4BD0-92A2-EA276E44AC58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{73B7D2BC-96BE-46B7-B50C-394C13008468}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E0AF2AB2-28E8-4C86-9358-9C8A36B37E94}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\nsa1FCE.tmp\CnetInstaller-10257337.exe
FirewallRules: [{75572FD4-4A7F-4900-B08D-E28806A89994}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\nsa1FCE.tmp\CnetInstaller-10257337.exe
FirewallRules: [{408E00B3-6C5C-46CF-AC20-E98291D57DC1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{38852F69-709B-4930-87C1-45D340CE9B8D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D668985C-410F-4C3A-B455-FAB762601371}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{67371F51-5666-4B8D-8F4D-A047D62F4FA7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3901F020-5FED-4807-94A6-EEBCD4D9F51C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4026442F-A269-44EC-B8C4-E6C5DB19C4F9}] => (Allow) C:\Users\Dustin\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{947E7202-F217-4531-84A9-518769A012DF}] => (Allow) C:\Users\Dustin\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{FB79228C-6628-4989-84E5-D11160DA091A}] => (Allow) C:\Users\Dustin\AppData\Roaming\OAS\oas.exe
FirewallRules: [{F8C1FEBD-315B-4F7F-814D-70E43FB8E3A3}] => (Allow) C:\Users\Dustin\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{73F2393C-B255-4755-B7EB-D04DDA9A786E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FA7320E0-6ED0-47A3-8657-1EEC62BF427D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/29/2015 05:50:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 598
 
Start Time: 01d082cedbeb7d33
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 2d79b260-eec2-11e4-826d-60029221c1a2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/29/2015 05:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000374
Fault offset: 0x000e5624
Faulting process id: 0x1060
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (04/29/2015 05:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x73c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/29/2015 06:38:33 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4324) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (04/29/2015 05:32:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/29/2015 05:32:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2015 05:46:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2015 05:46:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2015 05:43:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2015 05:43:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/29/2015 05:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Type Hub service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Infonaut 1.10.0.14 Client Service service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Area Single Spaced service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Topology Duration service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:33:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Type Hub service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:33:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Infonaut 1.10.0.14 Client Service service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:33:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Area Single Spaced service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:33:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Topology Duration service failed to start due to the following error: 
%%2
 
Error: (04/29/2015 05:33:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (04/29/2015 05:33:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
 
Microsoft Office Sessions:
=========================
Error: (04/29/2015 05:50:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1741659801d082cedbeb7d330C:\Program Files\Internet Explorer\iexplore.exe2d79b260-eec2-11e4-826d-60029221c1a2
 
Error: (04/29/2015 05:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.17736550f42c2c0000374000e5624106001d082ce87bf24b8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll0732cba7-eec2-11e4-826d-60029221c1a2
 
Error: (04/29/2015 05:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec18073c01d082cc0be745feC:\windows\explorer.exeUSER32.dll499fbd6e-eebf-11e4-826c-60029221c1a2
 
Error: (04/29/2015 06:38:33 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail4324WindowsMail0:
 
Error: (04/29/2015 05:32:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
 
Error: (04/29/2015 05:32:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest
 
Error: (04/28/2015 05:46:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
 
Error: (04/28/2015 05:46:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest
 
Error: (04/28/2015 05:43:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
 
Error: (04/28/2015 05:43:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8097.06 MB
Available physical RAM: 6293.59 MB
Total Pagefile: 9377.06 MB
Available Pagefile: 7534.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:914.58 GB) (Free:871.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.45 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C301D3E)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 deeprybka


Posted 30 April 2015 - 11:36 AM

 

FRST Log:

 

 
 
LastRegBack: 2015-04-29 05:31
 
==================== End Of Log ============================
 
 

 

Hi, the FRST.txt is missing...:)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 SupDoodz


Posted 30 April 2015 - 01:29 PM


 
FRST Log:
 
 
 
LastRegBack: 2015-04-29 05:31
 
==================== End Of Log ============================
 
 

 
Hi, the FRST.txt is missing...:)
That's all there was, it was empty

#10 deeprybka


Posted 30 April 2015 - 01:34 PM

Oh...OK. In this case please re-run FRST:

Step 1


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 SupDoodz


Posted 30 April 2015 - 05:40 PM

Ok, it gave me results this time:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Dustin (administrator) on DCBDESKTOP on 30-04-2015 17:39:47
Running from C:\Users\Dustin\Desktop
Loaded Profiles: Dustin (Available profiles: Dustin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\OLBPre\OLBPre.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-29]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{7d755933-c5cf-c23c-7d75-55933c5c64cf}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-04-29]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\OLBPre\OLBPre.exe ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4109178945-1565091869-1535269173-1001 -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-26] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-26] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-12-21] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-30]

Chrome:
=======
CHR Profile: C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (YouTube) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Google Search) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Bookmark Manager) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26]
CHR Extension: (Gmail) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 dikyfuje; C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\nsu174D.tmp [X]
S2 fovudyqe; C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\jnsn6354.tmp [X]
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
S2 kunekiko; C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2\jnsc1F7.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\windows\system32\drivers\bsdriver.sys [35800 2015-04-26] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation                           )
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:02 - 2015-04-29 18:02 - 00001886 _____ () C:\Users\Dustin\Desktop\MyPC Backup.lnk
2015-04-29 18:02 - 2015-04-29 18:02 - 00000000 ____D () C:\ProgramData\a21de2800006d76
2015-04-29 18:02 - 2015-04-29 18:02 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-29 17:59 - 2015-04-30 17:39 - 00019283 _____ () C:\Users\Dustin\Desktop\FRST.txt
2015-04-29 17:58 - 2015-04-29 17:58 - 00000000 ____D () C:\Users\Dustin\Desktop\FRST-OlderVersion
2015-04-29 17:49 - 2015-04-26 13:41 - 00035800 _____ () C:\windows\system32\Drivers\bsdriver.sys
2015-04-29 17:46 - 2015-04-29 17:57 - 00000000 ____D () C:\ProgramData\{7d755933-c5cf-c23c-7d75-55933c5c64cf}
2015-04-29 17:46 - 2015-04-29 17:46 - 00000000 ____D () C:\Users\Dustin\Documents\Optimizer Pro
2015-04-29 17:30 - 2015-04-29 17:32 - 00000000 ____D () C:\AdwCleaner
2015-04-29 17:30 - 2015-04-29 17:30 - 02224640 _____ () C:\Users\Dustin\Desktop\adwcleaner_4.202.exe
2015-04-29 17:23 - 2015-04-29 17:23 - 00001291 _____ () C:\Users\Dustin\Desktop\Revo Uninstaller.lnk
2015-04-29 17:23 - 2015-04-29 17:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-29 17:22 - 2015-04-29 17:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dustin\Desktop\revosetup.exe
2015-04-29 17:22 - 2015-04-29 17:22 - 00000000 ____D () C:\VideoDimmer
2015-04-27 19:03 - 2015-04-27 19:03 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 17:58 - 2015-04-30 17:39 - 00000000 ____D () C:\FRST
2015-04-27 17:56 - 2015-04-29 17:58 - 02101248 _____ (Farbar) C:\Users\Dustin\Desktop\FRST64.exe
2015-04-26 17:19 - 2015-04-29 17:56 - 00000354 _____ () C:\windows\Tasks\JMQVDQZXY1.job
2015-04-26 17:19 - 2015-04-26 17:19 - 00003566 _____ () C:\windows\System32\Tasks\RLGLJVC
2015-04-26 17:19 - 2015-04-26 17:19 - 00002868 _____ () C:\windows\System32\Tasks\JMQVDQZXY1
2015-04-26 17:19 - 2015-04-26 17:19 - 00000000 ____D () C:\ProgramData\2434a646fe504ea78bc4f632a39b6b2f
2015-04-26 17:18 - 2015-04-26 17:18 - 00000000 ____D () C:\ProgramData\19e2fa6374ec491188adebb934617694
2015-04-26 17:09 - 2015-04-27 17:34 - 00000000 ____D () C:\Users\Dustin\AppData\Local\2E051100-1430068179-11E4-B3D6-60029221C1A2
2015-04-26 17:04 - 2015-04-27 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 17:03 - 2015-04-30 06:08 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 17:03 - 2015-04-29 17:56 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 17:03 - 2015-04-26 17:03 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-26 17:03 - 2015-04-26 17:03 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-26 16:23 - 2015-04-30 16:23 - 00001028 _____ () C:\windows\Tasks\Sjmumm8aoDDGvi6.job
2015-04-26 16:23 - 2015-04-26 16:23 - 00004042 _____ () C:\windows\System32\Tasks\Sjmumm8aoDDGvi6
2015-04-26 16:07 - 2015-04-26 16:07 - 00002008 _____ () C:\windows\SysWOW64\SetupComponents.exe
2015-04-23 09:05 - 2015-04-23 09:05 - 00000000 ____D () C:\Users\Dustin\AppData\Local\CrashRpt
2015-04-17 11:04 - 2015-04-29 18:02 - 00003990 _____ () C:\windows\System32\Tasks\LaunchPreSignup
2015-04-17 10:01 - 2015-04-26 16:07 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-17 09:04 - 2015-04-17 09:04 - 00003566 _____ () C:\windows\System32\Tasks\FEEBSRSBLJ
2015-04-17 09:03 - 2015-04-17 09:03 - 00000000 ____D () C:\ProgramData\0f7a91f66753441797bc4566805f0898
2015-04-17 09:01 - 2015-04-17 09:01 - 00000000 ____D () C:\ProgramData\9ae39b98b99146db8549ce327c24f5c3
2015-04-17 08:52 - 2015-04-25 03:01 - 00000000 ____D () C:\Users\Dustin\AppData\Local\2E051100-1429260733-11E4-B3D6-60029221C1A2
2015-04-17 05:51 - 2015-04-17 05:51 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Mozilla
2015-04-15 03:22 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 03:22 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 03:22 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-04-15 03:22 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-15 03:22 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-04-15 03:22 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 03:22 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2015-04-15 03:22 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-15 03:22 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-15 03:22 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-04-15 03:22 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-04-15 03:22 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-04-15 03:22 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-04-15 03:22 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 03:22 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-04-15 03:22 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-04-15 03:22 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 03:22 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 03:22 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 03:22 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 03:22 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 03:22 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 03:22 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 03:22 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 03:22 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2015-04-15 03:22 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-04-15 03:22 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 03:22 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 03:22 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 03:22 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 03:22 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 03:22 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 03:22 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 03:22 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 03:22 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 03:22 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 03:22 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-15 03:22 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 03:22 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-15 03:22 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-15 03:22 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 03:22 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-15 03:22 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-04-15 03:22 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-15 03:22 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 03:22 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 03:22 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 03:22 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-04-15 03:22 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-04-15 03:22 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-15 03:22 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 03:22 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-15 03:22 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-04-15 03:22 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-15 03:22 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 03:22 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 03:22 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-15 03:22 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-15 03:22 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-15 03:22 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2015-04-15 03:22 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 03:22 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 03:22 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 03:22 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2015-04-05 04:26 - 2015-04-05 04:27 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-05 04:26 - 2015-04-05 04:26 - 00000000 ___SD () C:\windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-30 17:31 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-04-30 16:22 - 2014-12-07 16:59 - 01147873 _____ () C:\windows\WindowsUpdate.log
2015-04-30 16:15 - 2014-12-07 17:05 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{156BB7AA-9F15-4A13-AE8E-715E1BDEECB7}
2015-04-30 05:58 - 2014-12-07 17:06 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4109178945-1565091869-1535269173-1001
2015-04-29 18:01 - 2014-10-30 12:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-04-29 18:01 - 2014-03-18 04:53 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-29 17:56 - 2015-03-18 20:46 - 00001362 _____ () C:\windows\Tasks\PVYJW.job
2015-04-29 17:56 - 2014-03-18 04:44 - 00685388 _____ () C:\windows\PFRO.log
2015-04-29 17:56 - 2013-08-22 09:46 - 00027552 _____ () C:\windows\setupact.log
2015-04-29 17:56 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-29 17:49 - 2015-03-18 20:33 - 00000045 _____ () C:\user.js
2015-04-29 17:47 - 2015-03-18 20:34 - 00004312 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333639383831323237302d5a376c5a4a6c573250344141
2015-04-29 17:37 - 2015-03-18 20:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 17:33 - 2014-12-16 21:17 - 00000358 _____ () C:\windows\Tasks\HPCeeScheduleForDustin.job
2015-04-29 06:46 - 2014-12-16 21:17 - 00003174 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDustin
2015-04-29 06:46 - 2014-12-09 18:24 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-27 17:28 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\ADFS
2015-04-27 04:18 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2015-04-26 17:04 - 2014-12-08 19:20 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Google
2015-04-26 17:04 - 2014-12-08 19:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-26 17:03 - 2014-12-08 19:19 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Deployment
2015-04-26 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2015-04-26 17:00 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-26 17:00 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-04-26 16:53 - 2014-10-30 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-04-26 16:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-26 16:10 - 2014-12-07 17:01 - 00001465 _____ () C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 05:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppCompat
2015-04-25 02:49 - 2014-12-10 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-25 02:49 - 2014-12-10 21:41 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-18 02:55 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2015-04-17 06:48 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2015-04-16 05:24 - 2014-12-08 20:47 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 05:22 - 2014-12-08 20:47 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-15 03:21 - 2014-12-08 20:09 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2015-04-13 20:08 - 2015-02-25 13:18 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Foxit Software
2015-04-13 19:08 - 2015-03-18 21:00 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\uTorrent
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 19:44 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel

==================== Files in the root of some directories =======

2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Dustin\AppData\Roaming\PVYJW
2015-03-20 06:36 - 2015-03-20 06:36 - 0002113 _____ () C:\Users\Dustin\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Dustin\AppData\Local\Temp\4709.exe
C:\Users\Dustin\AppData\Local\Temp\501.exe
C:\Users\Dustin\AppData\Local\Temp\6304.exe
C:\Users\Dustin\AppData\Local\Temp\CloudBackup1557.exe
C:\Users\Dustin\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Dustin\AppData\Local\Temp\dbjcabfcecac.exe
C:\Users\Dustin\AppData\Local\Temp\e24ee926bbee4f8a85aceb111c48df1a604910.exe
C:\Users\Dustin\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Dustin\AppData\Local\Temp\jue23F0.exe
C:\Users\Dustin\AppData\Local\Temp\jue625F.exe
C:\Users\Dustin\AppData\Local\Temp\jue99F1.exe
C:\Users\Dustin\AppData\Local\Temp\jueE7D.exe
C:\Users\Dustin\AppData\Local\Temp\optprosetup.exe
C:\Users\Dustin\AppData\Local\Temp\Quarantine.exe
C:\Users\Dustin\AppData\Local\Temp\SpOrder.dll
C:\Users\Dustin\AppData\Local\Temp\sqlite3.dll
C:\Users\Dustin\AppData\Local\Temp\tu17p84.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-29 05:31

==================== End Of Log ============================



#12 deeprybka

  • Malware Response Team

Posted 01 May 2015 - 06:16 AM

Hi there,
we must repeat the procedure, because some unwanted programs have been installed in the meantime. Please perform these steps quickly and disconnect the computer from the internet afterwards.

Step 1

Revo Uninstaller Free
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    MyPC Backup  
    Optimizer Pro v3.2 
    shopperz 2.0.0.458  
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 SupDoodz

  • Topic Starter

Posted 01 May 2015 - 07:39 AM

When I ran Revo, these programs were not shown:

MyPC Backup
Optimizer Pro v3.2
shopperz 2.0.0.458

I uninstalled some programs I know aren't mine.

Here is the AdwCleaner report


# AdwCleaner v4.202 - Logfile created 01/05/2015 at 07:35:53
# Updated 23/04/2015 by Xplode
# Database : 2015-04-30.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Dustin - DCBDESKTOP
# Running from : C:\Users\Dustin\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BrsHelper
Service Deleted : bsdriver
[#] Service Deleted : consumerinput_update
[#] Service Deleted : consumerinput_updatem
Service Deleted : sbmntr
Service Deleted : SMUpdd
Service Deleted : PastaLUpdd
[#] Service Deleted : pastaleadsupd
[#] Service Deleted : innfd_1_10_0_14

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SearchModulePlus
Folder Deleted : C:\ProgramData\PastaLeadsAgent
Folder Deleted : C:\ProgramData\{7d755933-c5cf-c23c-7d75-55933c5c64cf}
Folder Deleted : C:\Program Files (x86)\YTDownloader
Folder Deleted : C:\Program Files (x86)\Consumer Input
Folder Deleted : C:\Program Files (x86)\Crossbrowse
Folder Deleted : C:\Users\Dustin\AppData\Local\Consumer Input
Folder Deleted : C:\Users\Dustin\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\Dustin\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Dustin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Dustin\AppData\Roaming\ASPackage
Folder Deleted : C:\Users\Dustin\AppData\Roaming\2E051100-1430434022-11E4-B3D6-60029221C1A2
Folder Deleted : C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
File Deleted : C:\Users\Dustin\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\windows\System32\drivers\bsdriver.sys
File Deleted : C:\windows\System32\drivers\innfd_1_10_0_14.sys
File Deleted : C:\Users\Dustin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\crossbrowse.lnk
File Deleted : C:\Users\Dustin\Desktop\YTDownloader.lnk

***** [ Scheduled tasks ] *****

Task Deleted : ConsumerInputUpdateTaskMachineCore
Task Deleted : ConsumerInputUpdateTaskMachineUA
Task Deleted : Crossbrowse
Task Deleted : Installer_ytd
Task Deleted : SMupdate1
Task Deleted : SMWPUpd
Task Deleted : YTDownloader
Task Deleted : YTDownloaderUpd
Task Deleted : Web Protector Plus
Task Deleted : LaunchPreSignup
Task Deleted : Microsoft\Windows\Multimedia\SMupdate3
Task Deleted : Microsoft\Windows\Maintenance\SMupdate2
Task Deleted : Web Protector Plus Server

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Dustin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Dustin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Deleted : HKLM\SOFTWARE\a2abc33d-eab1-6bf4-77c6-672ca0e9b01f
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B8CB5329-778B-4498-9C84-6680CD0DF6E0}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YTDownloader
Key Deleted : HKCU\Software\CrossBrowser
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ClientConnect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\YTDownloader
Key Deleted : HKLM\SOFTWARE\SearchModulePlus
Key Deleted : HKLM\SOFTWARE\PastaLeadsAgent
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PastaLeads Client
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\SearchModulePlus
Key Deleted : [x64] HKLM\SOFTWARE\PastaLeadsAgent
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\WebProtectorPlus
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www-searching.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v42.0.2311.90

[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?site=chuiauto&pid=s&shr=d&s=F51zbuzdk00CN1,5d52e4a9-aaaa-460c-a9ac-ae270bd5e237,&q={searchTerms}
[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F51zbuzdk00CN1,5d52e4a9-aaaa-460c-a9ac-ae270bd5e237,&q={searchTerms}
[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://www-searching.com/?s=F51zbuzdk00CN1,5d52e4a9-aaaa-460c-a9ac-ae270bd5e237,
[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://www-searching.com/?s=F51zbuzdk00CN1,5d52e4a9-aaaa-460c-a9ac-ae270bd5e237,
[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www-searching.com/search.aspx?s=F51zbuzdk00CN1,5d52e4a9-aaaa-460c-a9ac-ae270bd5e237,&q={searchTerms}

*************************

AdwCleaner[R0].txt - [8270 bytes] - [29/04/2015 17:30:49]
AdwCleaner[R1].txt - [8329 bytes] - [29/04/2015 17:32:15]
AdwCleaner[R2].txt - [9423 bytes] - [01/05/2015 07:34:48]
AdwCleaner[S0].txt - [7999 bytes] - [29/04/2015 17:32:44]
AdwCleaner[S1].txt - [8989 bytes] - [01/05/2015 07:35:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9048  bytes] ##########



#14 SupDoodz

Posted 01 May 2015 - 08:04 AM

Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2015
Scan Time: 7:40:13 AM
Logfile: new malwarbytes log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.05.01.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dustin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334539
Time Elapsed: 20 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Infonaut.A, C:\Program Files (x86)\Infonaut_1.10.0.14\Service, Delete-on-Reboot, [43f7e08fd9b165d181b0dbec7d8623dd],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#15 SupDoodz

Posted 01 May 2015 - 08:10 AM

OK, here are the FRST and Addition reports. I will disconnect from the internet and check this thread from another device.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Dustin (administrator) on DCBDESKTOP on 01-05-2015 08:09:30
Running from C:\Users\Dustin\Desktop
Loaded Profiles: Dustin (Available profiles: Dustin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
() C:\Windows\System32\cpuminer-gw64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [cpuminer] => C:\windows\system32\cpuminer-gw64.exe [1353504 2015-04-30] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-29]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{7d755933-c5cf-c23c-7d75-55933c5c64cf}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4109178945-1565091869-1535269173-1001 -> {B2775188-0E8C-47E2-AF69-AD3F150CBD30} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-26] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-26] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-26] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-12-21] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-30]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search module
CHR DefaultSearchURL: Default -> http://www-searching.com/search.aspx?site=chuiauto&pid=s&shr=d&s=F51zbuzdk00CN1,5d52e4a9-aaaa-460c-a9ac-ae270bd5e237,&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (YouTube) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (NinjaLoader) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmlhbjpgeogifjnmlajdaealbdlfonah [2015-05-01]
CHR Extension: (Google Search) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Bookmark Manager) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26]
CHR Extension: (Gmail) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 dikyfuje; C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\nsu174D.tmp [X]
S2 fovudyqe; C:\Users\Dustin\AppData\Roaming\2E051100-1430085962-11E4-B3D6-60029221C1A2\jnsn6354.tmp [X]
S2 kunekiko; C:\Users\Dustin\AppData\Roaming\2E051100-1429278531-11E4-B3D6-60029221C1A2\jnsc1F7.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation                           )
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 08:09 - 2015-05-01 08:09 - 00019263 _____ () C:\Users\Dustin\Desktop\FRST.txt
2015-05-01 07:34 - 2015-05-01 07:34 - 02224640 _____ () C:\Users\Dustin\Desktop\adwcleaner_4.202.exe
2015-05-01 07:31 - 2015-05-01 07:31 - 02224640 _____ () C:\Users\Dustin\Downloads\Unconfirmed 807237.crdownload
2015-05-01 07:19 - 2015-05-01 07:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dustin\Downloads\Unconfirmed 345765.crdownload
2015-05-01 07:18 - 2015-05-01 07:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dustin\Downloads\revosetup.exe
2015-04-30 17:47 - 2015-04-30 17:47 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\cpuminer
2015-04-30 09:42 - 2015-04-30 09:42 - 01353504 _____ () C:\windows\system32\cpuminer-gw64.exe
2015-04-29 18:02 - 2015-04-29 18:02 - 00000000 ____D () C:\ProgramData\a21de2800006d76
2015-04-29 17:58 - 2015-04-29 17:58 - 00000000 ____D () C:\Users\Dustin\Desktop\FRST-OlderVersion
2015-04-29 17:46 - 2015-04-29 17:46 - 00000000 ____D () C:\Users\Dustin\Documents\Optimizer Pro
2015-04-29 17:30 - 2015-05-01 07:36 - 00000000 ____D () C:\AdwCleaner
2015-04-29 17:23 - 2015-05-01 07:18 - 00001291 _____ () C:\Users\Dustin\Desktop\Revo Uninstaller.lnk
2015-04-29 17:23 - 2015-05-01 07:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-29 17:22 - 2015-04-29 17:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dustin\Desktop\revosetup.exe
2015-04-29 17:22 - 2015-04-29 17:22 - 00000000 ____D () C:\VideoDimmer
2015-04-28 06:30 - 2015-04-28 06:30 - 00000427 _____ () C:\windows\system32\cpuminer-conf.json
2015-04-27 17:58 - 2015-05-01 08:09 - 00000000 ____D () C:\FRST
2015-04-27 17:56 - 2015-04-29 17:58 - 02101248 _____ (Farbar) C:\Users\Dustin\Desktop\FRST64.exe
2015-04-26 17:19 - 2015-05-01 08:07 - 00000354 _____ () C:\windows\Tasks\JMQVDQZXY1.job
2015-04-26 17:19 - 2015-04-26 17:19 - 00003566 _____ () C:\windows\System32\Tasks\RLGLJVC
2015-04-26 17:19 - 2015-04-26 17:19 - 00002868 _____ () C:\windows\System32\Tasks\JMQVDQZXY1
2015-04-26 17:19 - 2015-04-26 17:19 - 00000000 ____D () C:\ProgramData\2434a646fe504ea78bc4f632a39b6b2f
2015-04-26 17:18 - 2015-04-26 17:18 - 00000000 ____D () C:\ProgramData\19e2fa6374ec491188adebb934617694
2015-04-26 17:09 - 2015-04-27 17:34 - 00000000 ____D () C:\Users\Dustin\AppData\Local\2E051100-1430068179-11E4-B3D6-60029221C1A2
2015-04-26 17:04 - 2015-05-01 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 17:03 - 2015-05-01 08:08 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 17:03 - 2015-05-01 08:07 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 17:03 - 2015-04-26 17:03 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-26 17:03 - 2015-04-26 17:03 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-26 16:23 - 2015-05-01 08:07 - 00001028 _____ () C:\windows\Tasks\Sjmumm8aoDDGvi6.job
2015-04-26 16:23 - 2015-04-26 16:23 - 00004042 _____ () C:\windows\System32\Tasks\Sjmumm8aoDDGvi6
2015-04-26 16:07 - 2015-04-26 16:07 - 00002008 _____ () C:\windows\SysWOW64\SetupComponents.exe
2015-04-23 09:05 - 2015-04-23 09:05 - 00000000 ____D () C:\Users\Dustin\AppData\Local\CrashRpt
2015-04-17 10:01 - 2015-04-26 16:07 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-17 09:04 - 2015-04-17 09:04 - 00003566 _____ () C:\windows\System32\Tasks\FEEBSRSBLJ
2015-04-17 09:03 - 2015-04-17 09:03 - 00000000 ____D () C:\ProgramData\0f7a91f66753441797bc4566805f0898
2015-04-17 09:01 - 2015-04-17 09:01 - 00000000 ____D () C:\ProgramData\9ae39b98b99146db8549ce327c24f5c3
2015-04-17 08:52 - 2015-04-25 03:01 - 00000000 ____D () C:\Users\Dustin\AppData\Local\2E051100-1429260733-11E4-B3D6-60029221C1A2
2015-04-17 05:51 - 2015-04-17 05:51 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Mozilla
2015-04-15 03:22 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 03:22 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 03:22 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-04-15 03:22 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-15 03:22 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-04-15 03:22 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 03:22 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 03:22 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2015-04-15 03:22 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-15 03:22 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-15 03:22 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-04-15 03:22 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-04-15 03:22 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-04-15 03:22 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-04-15 03:22 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 03:22 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-04-15 03:22 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-04-15 03:22 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 03:22 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 03:22 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 03:22 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 03:22 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 03:22 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 03:22 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 03:22 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 03:22 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2015-04-15 03:22 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-04-15 03:22 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 03:22 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 03:22 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 03:22 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 03:22 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 03:22 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 03:22 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 03:22 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 03:22 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 03:22 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 03:22 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-15 03:22 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 03:22 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-15 03:22 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-15 03:22 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 03:22 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-15 03:22 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-04-15 03:22 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-15 03:22 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 03:22 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 03:22 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 03:22 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-04-15 03:22 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-04-15 03:22 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-15 03:22 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 03:22 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-15 03:22 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-04-15 03:22 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-15 03:22 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 03:22 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 03:22 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-15 03:22 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-15 03:22 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-15 03:22 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2015-04-15 03:22 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 03:22 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 03:22 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 03:22 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2015-04-05 04:26 - 2015-04-05 04:27 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-05 04:26 - 2015-04-05 04:26 - 00000000 ___SD () C:\windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 08:07 - 2015-03-18 20:46 - 00001362 _____ () C:\windows\Tasks\PVYJW.job
2015-05-01 08:04 - 2014-03-18 04:44 - 00764142 _____ () C:\windows\PFRO.log
2015-05-01 08:04 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Registration
2015-05-01 08:04 - 2013-08-22 09:46 - 00027784 _____ () C:\windows\setupact.log
2015-05-01 08:04 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-01 08:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-05-01 08:02 - 2014-12-07 17:06 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4109178945-1565091869-1535269173-1001
2015-05-01 08:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-05-01 07:50 - 2014-12-07 16:59 - 01378827 _____ () C:\windows\WindowsUpdate.log
2015-05-01 07:42 - 2014-03-18 04:53 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-01 07:41 - 2014-10-30 12:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-05-01 07:40 - 2015-03-18 20:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-01 07:35 - 2014-12-07 17:01 - 00001010 _____ () C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 07:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2015-05-01 07:14 - 2015-03-18 20:34 - 00004312 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333639383831323237302d5a376c5a4a6c573250344141
2015-05-01 07:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-01 05:54 - 2014-12-07 17:05 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{156BB7AA-9F15-4A13-AE8E-715E1BDEECB7}
2015-04-29 17:49 - 2015-03-18 20:33 - 00000045 _____ () C:\user.js
2015-04-29 17:33 - 2014-12-16 21:17 - 00000358 _____ () C:\windows\Tasks\HPCeeScheduleForDustin.job
2015-04-29 06:46 - 2014-12-16 21:17 - 00003174 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDustin
2015-04-29 06:46 - 2014-12-09 18:24 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-27 17:28 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\ADFS
2015-04-27 04:18 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2015-04-26 17:04 - 2014-12-08 19:20 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Google
2015-04-26 17:04 - 2014-12-08 19:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-26 17:03 - 2014-12-08 19:19 - 00000000 ____D () C:\Users\Dustin\AppData\Local\Deployment
2015-04-26 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2015-04-26 17:00 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-26 16:53 - 2014-10-30 12:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-04-26 05:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppCompat
2015-04-25 02:49 - 2014-12-10 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-25 02:49 - 2014-12-10 21:41 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-18 02:55 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2015-04-16 05:24 - 2014-12-08 20:47 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 05:22 - 2014-12-08 20:47 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-15 03:21 - 2014-12-08 20:09 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2015-04-13 20:08 - 2015-02-25 13:18 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\Foxit Software
2015-04-13 19:08 - 2015-03-18 21:00 - 00000000 ____D () C:\Users\Dustin\AppData\Roaming\uTorrent
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 19:44 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel

==================== Files in the root of some directories =======

2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Dustin\AppData\Roaming\PVYJW
2015-03-20 06:36 - 2015-03-20 06:36 - 0002113 _____ () C:\Users\Dustin\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Dustin\AppData\Local\Temp\3681.exe
C:\Users\Dustin\AppData\Local\Temp\4709.exe
C:\Users\Dustin\AppData\Local\Temp\501.exe
C:\Users\Dustin\AppData\Local\Temp\6304.exe
C:\Users\Dustin\AppData\Local\Temp\CloudBackup1557.exe
C:\Users\Dustin\AppData\Local\Temp\compete.exe
C:\Users\Dustin\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Dustin\AppData\Local\Temp\cw.exe
C:\Users\Dustin\AppData\Local\Temp\dbjcabfcecac.exe
C:\Users\Dustin\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Dustin\AppData\Local\Temp\jue23F0.exe
C:\Users\Dustin\AppData\Local\Temp\jue625F.exe
C:\Users\Dustin\AppData\Local\Temp\jue99F1.exe
C:\Users\Dustin\AppData\Local\Temp\jueE7D.exe
C:\Users\Dustin\AppData\Local\Temp\optprosetup.exe
C:\Users\Dustin\AppData\Local\Temp\Quarantine.exe
C:\Users\Dustin\AppData\Local\Temp\SpOrder.dll
C:\Users\Dustin\AppData\Local\Temp\sqlite3.dll
C:\Users\Dustin\AppData\Local\Temp\tu17p84.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-29 05:31

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Dustin at 2015-05-01 08:09:51
Running from C:\Users\Dustin\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4109178945-1565091869-1535269173-500 - Administrator - Disabled)
Dustin (S-1-5-21-4109178945-1565091869-1535269173-1001 - Administrator - Enabled) => C:\Users\Dustin
Guest (S-1-5-21-4109178945-1565091869-1535269173-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4109178945-1565091869-1535269173-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
CPU Miner (HKLM\...\cpuminer) (Version: 1.1 - Open Source)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PE-DESIGN Ver.6 (HKLM-x32\...\{B202B201-5D15-4CA7-A978-047AB4A28960}) (Version: ANY - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SketchUp 2015 (HKLM-x32\...\{3538F216-5559-4FE0-B235-A8EB46628F07}) (Version: 15.2.687 - Trimble Navigation Limited)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

11-04-2015 02:39:38 Scheduled Checkpoint
16-04-2015 05:19:35 Windows Update
24-04-2015 03:54:04 Scheduled Checkpoint
26-04-2015 16:52:42 Removed Bonjour
29-04-2015 17:26:12 Revo Uninstaller's restore point - SystemContinue
01-05-2015 07:20:20 Revo Uninstaller's restore point - Ninja Loader

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01CD4DE8-E99A-4E1B-90C1-CD3199D44CCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {04343141-E696-40A6-AB78-2370D5DD4FF0} - System32\Tasks\RLGLJVC => C:\ProgramData\2434a646fe504ea78bc4f632a39b6b2f\2434a646fe504ea78bc4f632a39b6b2f.exe [2015-04-26] ()
Task: {04B03547-B803-40D4-AB10-D527AE1F8D77} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {12B968C2-5798-4DBE-99D6-781CF720DB16} - \SMW_UpdateTask_Time_333639383831323237302d5a376c5a4a6c573250344141 No Task File <==== ATTENTION
Task: {29544232-D7B4-44BB-9505-7EA0E452E1CD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {3078C89D-2C03-469E-A413-8A111E4CCD43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {373E23B1-AE85-4C6F-AA23-A5AF893AE03C} - System32\Tasks\TCLABJUFHU => C:\ProgramData\d22a273fd9c048468c5b9aad7e6b94dd\d22a273fd9c048468c5b9aad7e6b94dd.exe [2015-03-18] ()
Task: {415C7A90-F715-4083-BDE2-1FAD84BBFF5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {48A49DC4-523C-4C40-8FC7-F88ABDCF161D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {5566C513-905A-4479-B759-821D973B16CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {61D402C7-35EB-40AC-9E57-4EC50C8F8C51} - System32\Tasks\HPCeeScheduleForDustin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {61FBFC21-24FE-4433-AB36-CB9C56CA7BB5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {67CD0679-7E13-462E-A8D9-ECF2F65C75FD} - System32\Tasks\JMQVDQZXY1 => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: {6B632A27-AD7E-4BF9-A8FC-13C1E58F3584} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {74D88141-CFB8-4DED-A5D3-4537DBD61899} - System32\Tasks\FEEBSRSBLJ => C:\ProgramData\0f7a91f66753441797bc4566805f0898\0f7a91f66753441797bc4566805f0898.exe [2015-04-17] ()
Task: {81346362-9411-46A3-A820-79BB47604C0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {A6AF8714-FBBE-4546-8E8B-C6822C74D8A4} - System32\Tasks\PVYJW => C:\Users\Dustin\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: {B7CCE041-598C-4901-A90A-3DF2FF818367} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333639383831323237302d5a376c5a4a6c573250344141 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {BB9F8267-8DF5-4229-A9ED-B97FC3E5BE7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-26] (Microsoft Corporation)
Task: {BF62ADB2-0A7D-40CA-8340-515ACB795F39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C40D0EFA-FEB8-4F6A-858C-0C40DBF918EB} - System32\Tasks\Sjmumm8aoDDGvi6 => C:\Users\Dustin\AppData\Roaming\Sjmumm8aoDDGvi6.exe <==== ATTENTION
Task: {CE1C2814-E006-498B-AE8E-640BF0703E9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {EDB56428-33F7-468B-918B-07359B676121} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-26] (Microsoft Corporation)
Task: {FCC8293C-1DC0-4702-BE23-D6BC4CA06671} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForDustin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\JMQVDQZXY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: C:\windows\Tasks\PVYJW.job => C:\Users\Dustin\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: C:\windows\Tasks\Sjmumm8aoDDGvi6.job => C:\Users\Dustin\AppData\Roaming\Sjmumm8aoDDGvi6.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-02-26 07:02 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-26 07:02 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-10-30 12:50 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-26 07:03 - 2015-02-26 07:03 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-04-30 09:42 - 2015-04-30 09:42 - 01353504 _____ () C:\Windows\System32\cpuminer-gw64.exe
2014-10-30 12:46 - 2014-03-31 04:56 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4109178945-1565091869-1535269173-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0469A2CC-EC66-43C9-8620-5DCC2D27AFF0}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{1ACEE08F-6E58-451A-9925-0910ACE31EFC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{554DA80C-FEA2-462C-80A8-7F40672F500F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{0DF326B0-AA31-4D93-87CC-9E8CDD18C327}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{2A74B549-908E-4B77-B5F6-DD4BC7310FFD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{890F74B5-C5BC-4076-B61A-860AD21DBE70}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E494C721-FC7E-47B4-9CB3-6EB93B07FF21}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{810651A8-7B67-465F-834A-5580C011A136}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A70F90F9-A2BE-47B8-AA62-DBD6BFFBFC3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5004FE96-B31E-44D9-8DB1-A9DAB347ED5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210D000D-0337-4DE8-AF5B-3AE824622781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D5AA9BF-1EE2-4BD0-92A2-EA276E44AC58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{73B7D2BC-96BE-46B7-B50C-394C13008468}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E0AF2AB2-28E8-4C86-9358-9C8A36B37E94}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\nsa1FCE.tmp\CnetInstaller-10257337.exe
FirewallRules: [{75572FD4-4A7F-4900-B08D-E28806A89994}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\nsa1FCE.tmp\CnetInstaller-10257337.exe
FirewallRules: [{408E00B3-6C5C-46CF-AC20-E98291D57DC1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{38852F69-709B-4930-87C1-45D340CE9B8D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D668985C-410F-4C3A-B455-FAB762601371}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{67371F51-5666-4B8D-8F4D-A047D62F4FA7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3901F020-5FED-4807-94A6-EEBCD4D9F51C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4026442F-A269-44EC-B8C4-E6C5DB19C4F9}] => (Allow) C:\Users\Dustin\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{947E7202-F217-4531-84A9-518769A012DF}] => (Allow) C:\Users\Dustin\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{FB79228C-6628-4989-84E5-D11160DA091A}] => (Allow) C:\Users\Dustin\AppData\Roaming\OAS\oas.exe
FirewallRules: [{F8C1FEBD-315B-4F7F-814D-70E43FB8E3A3}] => (Allow) C:\Users\Dustin\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{73F2393C-B255-4755-B7EB-D04DDA9A786E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FA7320E0-6ED0-47A3-8657-1EEC62BF427D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2015 07:36:54 AM) (Source: insvc_1.10.0.14) (EventID: 0) (User: )
Description: insvc_1.10.0.14Infonaut Client Service failed to connect to driver

Error: (05/01/2015 07:32:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Crossbrowse.exe version 39.5.2171.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bf8

Start Time: 01d08408ebbef50c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe

Report Id: 2e30d52e-effe-11e4-826e-60029221c1a2

Faulting package full name:

Faulting package-relative application ID:

Error: (05/01/2015 07:09:23 AM) (Source: MsiInstaller) (EventID: 11316) (User: DCBdesktop)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

Error: (05/01/2015 05:54:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/01/2015 05:54:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/29/2015 05:50:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 598

Start Time: 01d082cedbeb7d33

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 2d79b260-eec2-11e4-826d-60029221c1a2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/29/2015 05:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000374
Fault offset: 0x000e5624
Faulting process id: 0x1060
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (04/29/2015 05:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x73c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/29/2015 06:38:33 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4324) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (04/29/2015 05:32:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (05/01/2015 08:04:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Type Hub service failed to start due to the following error:
%%2

Error: (05/01/2015 08:04:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Area Single Spaced service failed to start due to the following error:
%%2

Error: (05/01/2015 08:04:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Topology Duration service failed to start due to the following error:
%%2

Error: (05/01/2015 08:03:06 AM) (Source: DCOM) (EventID: 10010) (User: DCBdesktop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/01/2015 07:36:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The innfd_1_10_0_14 service failed to start due to the following error:
%%2

Error: (05/01/2015 07:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Type Hub service failed to start due to the following error:
%%2

Error: (05/01/2015 07:36:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Area Single Spaced service failed to start due to the following error:
%%2

Error: (05/01/2015 07:36:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Topology Duration service failed to start due to the following error:
%%2

Error: (05/01/2015 07:36:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069

Error: (05/01/2015 07:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Microsoft Office Sessions:
=========================
Error: (05/01/2015 07:36:54 AM) (Source: insvc_1.10.0.14) (EventID: 0) (User: )
Description: insvc_1.10.0.14Infonaut Client Service failed to connect to driver

Error: (05/01/2015 07:32:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Crossbrowse.exe39.5.2171.951bf801d08408ebbef50c4294967295C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe2e30d52e-effe-11e4-826e-60029221c1a2

Error: (05/01/2015 07:09:23 AM) (Source: MsiInstaller) (EventID: 11316) (User: DCBdesktop)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/01/2015 05:54:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (05/01/2015 05:54:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (04/29/2015 05:50:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1741659801d082cedbeb7d330C:\Program Files\Internet Explorer\iexplore.exe2d79b260-eec2-11e4-826d-60029221c1a2

Error: (04/29/2015 05:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.17736550f42c2c0000374000e5624106001d082ce87bf24b8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll0732cba7-eec2-11e4-826d-60029221c1a2

Error: (04/29/2015 05:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec18073c01d082cc0be745feC:\windows\explorer.exeUSER32.dll499fbd6e-eebf-11e4-826c-60029221c1a2

Error: (04/29/2015 06:38:33 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail4324WindowsMail0:

Error: (04/29/2015 05:32:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8097.06 MB
Available physical RAM: 6393.33 MB
Total Pagefile: 9377.06 MB
Available Pagefile: 7632.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.58 GB) (Free:870.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.45 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C301D3E)

Partition: GPT Partition Type.

==================== End Of Log ============================





