i know for sure i have gamezooks


  • This topic is locked
13 replies to this topic

#1 monomom

Posted 28 July 2015 - 02:37 PM

My son downloaded a game or something. Like I said, I know I have GameZooks. I have Windows 8.1 on my Dell PC, and I have constant pop-ups, ads, songs, new pages opening, slow run time and freezing.




#2 monomom

Posted 28 July 2015 - 02:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by mom (administrator) on AMY (28-07-2015 14:41:40)
Running from C:\Users\mom\Downloads
Loaded Profiles: mom (Available Profiles: mom)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\pcdrrealtime.p5x
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-3944970774-438777128-1647021204-1001\...\Run: [GoogleChromeAutoLaunch_347C36B4BA6EB50C18470BD9B4E3C302] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-23] (Google Inc.)
HKU\S-1-5-21-3944970774-438777128-1647021204-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3944970774-438777128-1647021204-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3944970774-438777128-1647021204-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3944970774-438777128-1647021204-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3944970774-438777128-1647021204-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3944970774-438777128-1647021204-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3944970774-438777128-1647021204-1001 -> {853F51BD-E605-4AA2-9903-15A9F977DAD4} URL = 
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2015-01-23] (Nuance Communications, Inc.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-01-23] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{0150C093-E18E-4FB2-BFD0-A85AEF6B8AF8}: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{F689571B-EB32-4F25-B300-6056F3C09171}: [DhcpNameServer] 192.168.0.1 205.171.202.166
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2015-01-23] (Nuance Communications, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-01-23] (Nuance Communications, Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (No Name) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (Webpage Screenshot) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2015-07-20]
CHR Extension: (YouTube) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Walmart) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmelcnhnemihidpaehodijpamdaeeglh [2015-06-20]
CHR Extension: (Etsy Seller Tools by Tailored Apps) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbmmdpgaimembhmnolnckiljmblildk [2015-06-20]
CHR Extension: (Google Search) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Gun Blood) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2015-06-20]
CHR Extension: (Dragon Web Extension) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (SiteAdvisor) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-23]
CHR Extension: (Pin It Button) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-20]
CHR Extension: (Etsy Hearts Counter) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdfbbcfmphecnafcibfgnjbnfhfimng [2015-07-13]
CHR Extension: (Kindle Cloud Reader) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-06-20]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2015-06-20]
CHR Extension: (GameZooks) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkpllchojjkbgephbbeacaahecgfpga [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (Etsy Clickathons) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenbalkolcmmgpoiegdplhkfjljaiiag [2015-07-13]
CHR Extension: (Etsy Unfav-Fav) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibldfepmchoiladoannfblpilcphclh [2015-07-13]
CHR Extension: (TreasuryBox) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlicfdieefebelbjjmgfmfhjdcegcbch [2015-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR Extension: (Instagram for Chrome) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-07-20]
CHR Extension: (Gmail) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2015-01-23] (Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [165112 2015-07-23] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 14:41 - 2015-07-28 14:42 - 00021370 _____ C:\Users\mom\Downloads\FRST.txt
2015-07-28 14:41 - 2015-07-28 14:41 - 00000000 ____D C:\FRST
2015-07-28 14:40 - 2015-07-28 14:40 - 02146816 _____ (Farbar) C:\Users\mom\Downloads\FRST64.exe
2015-07-28 14:40 - 2015-07-28 14:40 - 01650688 _____ (Farbar) C:\Users\mom\Downloads\FRST.exe
2015-07-28 05:47 - 2015-07-28 05:47 - 00000000 ___RD C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-25 13:17 - 2015-07-25 13:17 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-07-25 12:37 - 2015-07-25 12:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 12:37 - 2015-07-25 12:37 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-25 12:37 - 2015-07-25 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-25 12:36 - 2015-07-25 12:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-25 12:36 - 2015-07-25 12:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-25 12:36 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-25 12:36 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-25 12:36 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-25 12:34 - 2015-07-25 12:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mom\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-23 18:07 - 2015-07-26 12:20 - 00000000 ____D C:\Users\mom\AppData\Roaming\.minecraft
2015-07-23 18:07 - 2015-07-23 17:38 - 00695296 _____ (AnjoCaido) C:\Users\mom\Desktop\MinecraftSP.exe
2015-07-23 18:04 - 2015-07-23 18:04 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-23 18:04 - 2015-07-23 18:04 - 00000000 ____D C:\ProgramData\Sun
2015-07-23 18:04 - 2015-07-23 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-23 18:03 - 2015-07-23 18:03 - 00000000 ____D C:\ProgramData\Oracle
2015-07-23 18:03 - 2015-07-23 18:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-23 18:02 - 2015-07-23 18:02 - 00563296 _____ (Oracle Corporation) C:\Users\mom\Downloads\chromeinstall-8u51.exe
2015-07-23 17:56 - 2015-07-23 17:56 - 00000000 ____D C:\ProgramData\593cf26800003d35
2015-07-23 17:49 - 2015-07-25 13:13 - 00003162 _____ C:\Windows\PFRO.log
2015-07-23 17:49 - 2015-07-25 13:13 - 00000348 _____ C:\Windows\setupact.log
2015-07-23 17:49 - 2015-07-23 17:49 - 00337840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-23 17:49 - 2015-07-23 17:49 - 00000000 _____ C:\Windows\setuperr.log
2015-07-23 17:44 - 2015-07-23 17:44 - 00000000 ____D C:\Users\mom\AppData\Local\IsolatedStorage
2015-07-23 17:43 - 2015-07-28 14:44 - 00000292 _____ C:\Windows\Tasks\UpdaterEX.job
2015-07-23 17:43 - 2015-07-23 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-07-23 17:43 - 2015-07-23 17:44 - 00002630 _____ C:\Windows\System32\Tasks\UpdaterEX
2015-07-23 17:43 - 2015-07-23 17:43 - 00000000 ____D C:\ProgramData\Unchecky
2015-07-23 17:43 - 2015-07-23 17:43 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-07-23 17:42 - 2015-07-23 17:42 - 01222315 _____ C:\Users\mom\Downloads\Java_Setup.jse
2015-07-23 17:32 - 2015-07-23 17:34 - 00000000 ____D C:\Users\mom\Downloads\Minecraft
2015-07-23 17:31 - 2015-07-23 17:33 - 00000022 _____ C:\Users\mom\Downloads\Minecraft.zip
2015-07-23 17:25 - 2015-07-23 17:28 - 00289388 _____ C:\Users\mom\Downloads\Hack Resources Pack V4 2 Downloader.zip
2015-07-23 10:46 - 2015-07-28 14:41 - 01247058 _____ C:\Windows\WindowsUpdate.log
2015-07-23 10:41 - 2015-07-24 06:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-23 10:41 - 2015-07-24 06:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-23 10:41 - 2015-07-23 10:41 - 00001405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-23 10:41 - 2015-07-23 10:41 - 00001393 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-23 10:41 - 2015-07-23 10:41 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-23 10:41 - 2015-07-23 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-23 10:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-23 10:38 - 2015-07-23 10:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\mom\Downloads\spybot-2.4.exe
2015-07-23 10:36 - 2015-07-23 10:36 - 00000000 ____D C:\Users\mom\Downloads\RootkitRevealer
2015-07-23 10:35 - 2015-07-23 10:35 - 00231390 _____ C:\Users\mom\Downloads\RootkitRevealer.zip
2015-07-21 20:45 - 2015-07-21 20:45 - 09776574 _____ C:\Users\mom\Downloads\minecraft_server-1-8-2-pre6 (1) (1).jar
2015-07-21 20:44 - 2015-07-21 20:44 - 09776574 _____ C:\Users\mom\Downloads\minecraft_server-1-8-2-pre6 (1).jar
2015-07-21 20:42 - 2015-07-21 20:43 - 09776574 _____ C:\Users\mom\Downloads\minecraft_server-1-8-2-pre6.jar
2015-07-21 09:02 - 2015-07-14 09:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:02 - 2015-07-14 09:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 09:02 - 2015-07-14 09:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:02 - 2015-07-14 09:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 11:44 - 2015-07-20 11:47 - 140852175 _____ C:\Users\mom\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2015-07-15 10:03 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 10:03 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 10:03 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 10:03 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 10:03 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 10:03 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 10:03 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 10:03 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 10:02 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 10:02 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 10:02 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 10:02 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 10:02 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 10:02 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 10:02 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 10:02 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 10:02 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 10:02 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 10:02 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 10:02 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 10:02 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 10:02 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 10:02 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 10:02 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 10:02 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 10:02 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 10:02 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 10:02 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 10:02 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 10:02 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 10:02 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 10:02 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 10:02 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 10:02 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 10:02 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 10:02 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 10:02 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 10:02 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 10:02 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 10:02 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 10:02 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 10:01 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 10:01 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 10:01 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 10:01 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 10:01 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 10:01 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 10:01 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 10:01 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 10:01 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 10:01 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 10:01 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 10:01 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 10:01 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 10:01 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 10:01 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 10:01 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 10:00 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 10:00 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 10:00 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 10:00 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 10:00 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 10:00 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 10:00 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:00 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 10:00 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 10:00 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 10:00 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 10:00 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 10:00 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 10:00 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 10:00 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 10:00 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 10:00 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 10:00 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 10:00 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 10:00 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 10:00 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 10:00 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 10:00 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 10:00 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 10:00 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 09:59 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 09:59 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 09:59 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 09:59 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 09:59 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 09:59 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 09:58 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 09:58 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 09:58 - 2015-06-29 10:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 09:58 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 09:58 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 09:58 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 09:58 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 09:58 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 09:58 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 09:58 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 09:58 - 2015-01-29 22:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-07-15 09:58 - 2015-01-29 22:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-07-15 09:58 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 09:58 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 09:58 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 09:58 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 09:58 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 09:58 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 09:57 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:57 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 09:57 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 09:57 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 09:57 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 09:57 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 09:50 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:50 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:50 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 09:49 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 09:49 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 09:49 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 09:49 - 2015-05-01 18:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-15 09:49 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 09:49 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 09:49 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 09:49 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-15 09:48 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 09:48 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 09:48 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-13 20:12 - 2015-07-13 20:12 - 00002321 _____ C:\Users\mom\Desktop\Chrome App Launcher.lnk
2015-07-13 20:12 - 2015-07-13 20:12 - 00000000 ____D C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-10 08:39 - 2015-07-28 07:37 - 00000000 ___HD C:\$Windows.~BT
2015-07-07 23:09 - 2015-07-07 23:09 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2015-07-05 18:51 - 2015-07-05 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-07-05 18:51 - 2015-07-05 18:52 - 00000000 ____D C:\Program Files (x86)\Coupons
2015-07-05 18:50 - 2015-07-05 18:50 - 02810584 _____ (Coupons.com Incorporated) C:\Users\mom\Downloads\CouponPrinter.exe
2015-07-04 20:17 - 2015-07-04 20:17 - 00000017 _____ C:\Users\mom\AppData\Local\resmon.resmoncfg
2015-06-29 10:34 - 2015-06-29 10:34 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-29 10:34 - 2015-06-29 10:34 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-29 10:33 - 2015-06-29 10:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-29 10:32 - 2015-06-29 10:33 - 08009896 _____ (TeamViewer GmbH) C:\Users\mom\Downloads\TeamViewer_Setup_en.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 14:20 - 2015-06-20 12:59 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 14:00 - 2015-06-22 10:00 - 00000927 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {2B82EA99-8AD9-458D-AB96-12D61CD2BBC6}.job
2015-07-28 14:00 - 2015-06-22 10:00 - 00000741 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {2B82EA99-8AD9-458D-AB96-12D61CD2BBC6}.job
2015-07-28 14:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-28 14:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-28 13:45 - 2015-06-22 13:45 - 00000927 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {EAEE4981-0246-4FA0-881D-30F2EC14B198}.job
2015-07-28 13:45 - 2015-06-22 13:45 - 00000741 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {EAEE4981-0246-4FA0-881D-30F2EC14B198}.job
2015-07-28 12:19 - 2015-06-20 14:56 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4868B69D-94FC-45CC-B043-798B1EC5879E}
2015-07-28 07:48 - 2014-07-26 08:25 - 00000000 ____D C:\Windows\Panther
2015-07-28 07:18 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-28 05:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-28 05:48 - 2014-03-18 04:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 05:46 - 2015-06-20 12:59 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-26 15:04 - 2015-06-20 12:58 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3944970774-438777128-1647021204-1001
2015-07-25 13:17 - 2014-07-26 08:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-25 13:16 - 2014-07-26 08:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-25 13:13 - 2014-07-26 08:28 - 00000000 ____D C:\Windows\Options
2015-07-25 13:13 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 12:26 - 2015-06-20 13:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-25 08:21 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-25 06:53 - 2015-06-22 18:58 - 00000000 ____D C:\Users\mom\AppData\Local\CrashDumps
2015-07-24 22:16 - 2015-06-26 00:44 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 18:58 - 2015-06-20 14:52 - 00000000 ____D C:\Users\mom\AppData\Local\Packages
2015-07-23 17:49 - 2014-07-26 08:34 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-23 17:48 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-23 17:43 - 2015-06-20 12:56 - 00000000 __SHD C:\Users\mom\AppData\Local\EmieUserList
2015-07-23 17:43 - 2015-06-20 12:56 - 00000000 __SHD C:\Users\mom\AppData\Local\EmieSiteList
2015-07-22 06:51 - 2015-06-22 20:42 - 00000000 ____D C:\ProgramData\TEMP
2015-07-21 14:49 - 2015-06-22 21:19 - 00000715 _____ C:\Users\mom\AppData\Roaming\SAS7_000.DAT
2015-07-18 22:11 - 2015-06-20 14:52 - 00000000 ____D C:\Users\mom
2015-07-18 08:38 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-07-15 23:43 - 2015-06-26 00:45 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 23:43 - 2015-06-26 00:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 23:43 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-15 23:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-07-15 16:15 - 2015-06-20 12:59 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:15 - 2015-06-20 12:59 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 11:28 - 2015-06-22 07:32 - 00000000 ____D C:\Windows\system32\MRT
2015-07-13 16:10 - 2015-06-26 08:15 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2015-06-26 08:15 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 01:55 - 2015-06-26 00:44 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-07 23:09 - 2014-07-26 08:27 - 00000000 ____D C:\ProgramData\Dell
2015-07-03 08:43 - 2015-06-22 07:32 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-06-22 21:19 - 2015-07-21 14:49 - 0000715 _____ () C:\Users\mom\AppData\Roaming\SAS7_000.DAT
2015-07-04 20:17 - 2015-07-04 20:17 - 0000017 _____ () C:\Users\mom\AppData\Local\resmon.resmoncfg
2014-07-26 08:26 - 2014-07-26 08:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\mom\AppData\Local\Temp\i4jdel0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-27 07:06
 
==================== End of log ============================


#3 monomom


Posted 28 July 2015 - 02:50 PM

I'm sorry this is taking so long. I am in the process of installing another firewall; I'm just having some problems copying and pasting the 2nd report.



#4 monomom


Posted 28 July 2015 - 02:51 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by mom at 2015-07-28 14:49:45
Running from C:\Users\mom\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3944970774-438777128-1647021204-500 - Administrator - Disabled)
Guest (S-1-5-21-3944970774-438777128-1647021204-501 - Limited - Disabled)
mom (S-1-5-21-3944970774-438777128-1647021204-1001 - Administrator - Enabled) => C:\Users\mom
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.356 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.4.01 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.8903 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7259 - Realtek Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Unchecky v0.3.8 (HKLM-x32\...\Unchecky) (Version: 0.3.8 - RaMMicHaeL)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
11-07-2015 01:54:31 Windows Update
15-07-2015 11:16:53 Windows Update
21-07-2015 23:37:20 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-07-25 13:13 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11F90B0E-72A7-4B5B-B331-D5C2D6EA196D} - System32\Tasks\EPSON XP-310 Series Update {EAEE4981-0246-4FA0-881D-30F2EC14B198} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {12A7A05C-B62C-4AF4-9C3D-B744185CE5C3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {1FC92D1E-D409-4FE1-9D3F-53279EA95D7B} - System32\Tasks\EPSON XP-310 Series Invitation {2B82EA99-8AD9-458D-AB96-12D61CD2BBC6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {321DB654-7AD6-4A8C-937F-EE5932869D3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {36A8856E-01F5-463F-A5BC-41508C9E989A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-05-13] (Realtek Semiconductor)
Task: {3B4533E7-BDBE-40CD-ACEF-F226BA7A7476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {3C1AFA8F-3EA0-46BC-98F6-A702E6C66911} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5E958E44-6A14-4F00-BE2A-106B936C4B9F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {781C2256-7A54-46E6-821D-53CA39DEF216} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {868C747A-CA35-4EBD-974D-44359CC9A685} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {89B9C09F-5D55-4C5C-9E34-1F38457DD7E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9D7080D1-A7EC-42E5-A5E1-E6A618B5C89F} - System32\Tasks\UpdaterEX => C:\Users\mom\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B390CD03-F185-4A70-8F0E-E8C813ABE5F0} - System32\Tasks\EPSON XP-310 Series Update {2B82EA99-8AD9-458D-AB96-12D61CD2BBC6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {BD50EB9F-7A27-49E8-9DB4-8F385305A79B} - System32\Tasks\DellAio\DellAioSwitch => quickset.exe
Task: {BF3E250D-F39C-485C-89CE-D9AC40ED9ACD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CC81CFF3-ECC9-4CA0-8394-46E8AA321BA2} - System32\Tasks\EPSON XP-310 Series Invitation {EAEE4981-0246-4FA0-881D-30F2EC14B198} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {DCBFDFA6-04FF-4F14-9B1A-A64096105DBF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {DFD78359-9C40-4534-B7DF-15DFF099C176} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {EC6F04DC-8EA2-4A69-A8D5-FEB01456DF32} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {F2AC83B0-D816-49A2-BCFC-505F776B9CE2} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {2B82EA99-8AD9-458D-AB96-12D61CD2BBC6}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{2B82EA99-8AD9-458D-AB96-12D61CD2BBC6} /F:UpdateWORKGROUP\AMY$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {EAEE4981-0246-4FA0-881D-30F2EC14B198}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{EAEE4981-0246-4FA0-881D-30F2EC14B198} /F:UpdateWORKGROUP\AMY$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job =>
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-10 16:53 - 2014-01-10 16:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 16:53 - 2014-01-10 16:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 16:53 - 2014-01-10 16:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 17:24 - 2014-01-10 17:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 17:24 - 2014-01-10 17:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2014-07-26 08:40 - 2014-03-12 14:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-07-26 08:40 - 2014-03-12 14:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-07-26 08:40 - 2014-03-12 14:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-02-26 02:46 - 2014-02-26 02:46 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 02:43 - 2014-02-26 02:43 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 02:50 - 2014-02-26 02:50 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-06-22 12:48 - 2015-05-19 20:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-06-22 12:48 - 2015-05-19 20:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2015-07-23 10:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-23 10:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-23 10:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-23 10:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-23 10:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-25 12:25 - 2015-07-23 17:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-25 12:25 - 2015-07-23 17:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
2015-07-25 12:25 - 2015-07-23 17:39 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3944970774-438777128-1647021204-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.0.1 - 205.171.202.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2A0083F8-2ED7-4240-B41B-C92B1743D9B8}] => (Allow) LPort=51001
FirewallRules: [{88E8B5E3-70B4-4D7E-BFF2-04FD199DB191}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E79AE612-6302-452A-80A0-DF1C517D6B62}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{348F1DCB-CA80-4FAD-A624-DDB5D7596EA1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8EF68DE0-70D8-4E43-9B38-55DE1F5BC603}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{9E68E812-5133-4510-86C3-939EF7418006}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{CDB0D728-A7B8-4B57-8E9C-C1EF72E015C4}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{770FE805-819D-426F-81A7-4FAA20EE6AD4}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{5EB61533-EB7C-44FB-8E77-7B0EEDE7EA1B}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{26ACC047-EBD6-4ADB-9B43-1600DF29120D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2015 02:24:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2154
 
Start Time: 01d0c96af6c378db
 
Termination Time: 92
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 3f7dac0d-355e-11e5-8280-645a049ced11
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/28/2015 05:46:26 AM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: The ChannelDispatcher at 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039' with contract(s) '"IDellUpdateWcfSession"' is unable to open its IChannelListener. ---> System.InvalidOperationException: A registration already exists for URI 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039'.
   at System.ServiceModel.Channels.UriPrefixTable`1.RegisterUri(Uri uri, HostNameComparisonMode hostNameComparisonMode, TItem item)
   at System.ServiceModel.Channels.ConnectionOrientedTransportManager`1.Register(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.On....
 
Error: (07/27/2015 09:53:12 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (07/27/2015 09:35:39 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (07/27/2015 04:15:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PhotosApp.exe version 6.3.9600.17418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1924
 
Start Time: 01d0c8b1600d523d
 
Termination Time: 4294967295
 
Application Path: C:\Windows\FileManager\PhotosApp.exe
 
Report Id: a8f4585c-34a4-11e5-8280-645a049ced11
 
Faulting package full name: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: Microsoft.Windows.PhotoManager
 
Error: (07/27/2015 04:15:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: amy)
Description: App FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager did not launch within its allotted time.
 
Error: (07/26/2015 09:51:13 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (07/25/2015 01:35:53 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (07/25/2015 01:14:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/25/2015 01:12:08 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
 
System errors:
=============
Error: (07/27/2015 09:35:44 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2015 09:35:44 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2015 09:35:44 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2015 09:35:44 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2015 09:35:41 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2015 09:35:40 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2015 07:07:49 AM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/27/2015 07:07:19 AM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/26/2015 03:05:04 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/26/2015 03:04:34 PM) (Source: DCOM) (EventID: 10010) (User: amy)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office:
=========================
Error: (07/28/2015 02:24:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840215401d0c96af6c378db92C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE3f7dac0d-355e-11e5-8280-645a049ced11
 
Error: (07/28/2015 05:46:26 AM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: The ChannelDispatcher at 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039' with contract(s) '"IDellUpdateWcfSession"' is unable to open its IChannelListener. ---> System.InvalidOperationException: A registration already exists for URI 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039'.
   at System.ServiceModel.Channels.UriPrefixTable`1.RegisterUri(Uri uri, HostNameComparisonMode hostNameComparisonMode, TItem item)
   at System.ServiceModel.Channels.ConnectionOrientedTransportManager`1.Register(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.On....
 
Error: (07/27/2015 09:53:12 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (07/27/2015 09:35:39 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (07/27/2015 04:15:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PhotosApp.exe6.3.9600.17418192401d0c8b1600d523d4294967295C:\Windows\FileManager\PhotosApp.exea8f4585c-34a4-11e5-8280-645a049ced11FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
Error: (07/27/2015 04:15:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: amy)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager
 
Error: (07/26/2015 09:51:13 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (07/25/2015 01:35:53 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (07/25/2015 01:14:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/25/2015 01:12:08 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3977.98 MB
Available physical RAM: 1658.01 MB
Total Virtual: 5404.33 MB
Available Virtual: 2002.08 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:454.46 GB) (Free:411.12 GB) NTFS
Drive d: () (Removable) (Total:0.04 GB) (Free:0.04 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A3098675)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 38 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:56 PM

Posted 31 July 2015 - 07:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR Extension: (No Name) - C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-06-20]
Task: {9D7080D1-A7EC-42E5-A5E1-E6A618B5C89F} - System32\Tasks\UpdaterEX => C:\Users\mom\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\Users\mom\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#6 monomom

Posted 31 July 2015 - 04:32 PM

this is super embarrassing, i am new to 8.1 and i don't know where the start button is, unless you are talking about the little windows icon in the bottom left corner, i don't know where accessories is, when i right click this window icon it brings up programs and features but there is no accessories, to be honest i hate 8.1. it is so different from 7, i don't even get it



#7 nasdaq

Posted 01 August 2015 - 07:48 AM


Have a look at this video.
Keep it for reference.

You will find the Notepad in your accessories.



#8 monomom

Posted 01 August 2015 - 11:56 AM

Thank you

#9 nasdaq

Posted 01 August 2015 - 01:17 PM

Were you able to create the FixList.txt file and execute the clean function in the Farbar application?

#10 monomom

Posted 01 August 2015 - 05:30 PM

No, i'm trying to, i just don't know what i'm doing



#11 monomom

Posted 01 August 2015 - 05:37 PM

# AdwCleaner v4.208 - Logfile created 01/08/2015 at 18:01:20
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : mom - AMY
# Running from : C:\Users\mom\Downloads\adwcleaner_4.208 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
[x] Not Deleted : CouponPrinterService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\593cf26800003d35
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Coupons
 
***** [ Scheduled tasks ] *****
 
Task Deleted : UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\7204f7d9-ab12-4109-4bcd-9e5d964251dd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.125
 
[C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 961F902A3C68E8D11B2155E269CFF65841A3015F1C415D8D6230146400A0CFCA"},"software_reporter":{"prompt_reason":"2E59CDB92AF5C9BA448C150307D1752C6FE2637A1947288657FB4B5BBEDCA2B3","prompt_seed":"91526C928ACBCFBFCF27429E8CFE17AA54996F397B0E6DCCA7E542A9A4E14C9B","prompt_version":"B36D9957E19DFEA37F77E0F472B8D43FD0B221286601FA9C159EC468EFCEF7B2"},"sync":{"remaining_rollback_tries":"7B5C340540BD98AD2C517A7D02997BF1EE9BA3D898547FC6F75CE4CC31371A88"}},"super_mac":"734642BCF7579688B799A187000B185BCE64771D1061A708368FFCBCF359BDF1"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M47B5CBD3-1C77-4A51-B008-1029015626BD&SearchSource=55&CUI=&UM=8&UP=SPE12CB063-3B69-4EB1-9EB7-780A4CFF5E2E&D=032615&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [8468 bytes] - [01/08/2015 17:37:48]
AdwCleaner[R1].txt - [8527 bytes] - [01/08/2015 17:59:34]
AdwCleaner[S0].txt - [2470 bytes] - [01/08/2015 18:01:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2529  bytes] ##########

Edited by monomom, 01 August 2015 - 06:35 PM.


#12 nasdaq

Posted 02 August 2015 - 06:43 AM

I have attached the file Fixlist.txt

Download the file and place it in the folder in bold, C:\Users\mom\Downloads; this is where the Farbar tool is located.

Run the Farbar tool and click Fix only once and wait.

If the computer does not restart please do it.

Post the Fixlog.txt in your next reply.

Let me know what problem persists.

Attached Files



#13 nasdaq

Posted 08 August 2015 - 07:41 AM

Are you still with me?

#14 nasdaq

Posted 14 August 2015 - 08:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



