
Bogus Flash Player Update it Redirects To Unwanted Ads When Using IE 11


  • This topic is locked
155 replies to this topic

#1 stealth1


Posted 03 September 2015 - 04:11 AM

Two days ago, while browsing at NewEgg, a strange pop-up occurred; it almost looks like a real message saying that I needed to update my Flash Player. After contacting Adobe they confirmed that the pop-up is a bogus item and they had no clue where it came from.
 
I also sent screenshots of the pop-up to Adobe Tech Support that contain the URL address of the pop-up sender.
 
I'm running Windows 7 Home Premium and Internet Explorer 11 and also Firefox browsers. The problem only occurs when using Internet Explorer. I do not see any problem when using Firefox.
 
In researching this I found others are experiencing the same thing so I thought I'd sign up here and see if anyone here has any ideas on how to get rid of the pop-up. Here's what I know about it so far:
 
I have run Malwarebytes several times and the pop-up still occurs. I also ran HitMan Pro several times and that did not help. I have also uninstalled Internet Explorer 11 and reverted back to Internet Explorer 10, still no help. I also did a System Restore from a few days before the pop-up started showing up, that was no help either.
 
I was able to capture a screenshot of the primary URL that pops up in the address bar of the browser a few seconds before the Flash Player Update pops up. Here is that URL:
 
hxxp://onclickads.net/afu.php?zoneid=371891 (but PLEASE don't click on it!!!)
 
I have attached my best screenshot of the fake Flash Player Update here as well. Hope someone in the community has some insight that might help get rid of this annoyance. Thanks!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Dell (administrator) on DELL-PC (03-09-2015 01:54:23)
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(DivX, LLC) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
() C:\Program Files\VOX\JamVOX\JVExec.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Copyright © Microsoft 2015) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
() C:\Windows\wnavga.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-10-22] (McAfee, Inc.)
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-08-10] (SlySoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JVExec.lnk [2015-07-27]
ShortcutTarget: JVExec.lnk -> C:\Program Files\VOX\JamVOX\JVExec.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A26F39FA-D455-4966-A2BA-1558291DCF02}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{B1CF5972-030E-4B7F-99F5-47D6EE5C87EC}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{B2B1B70D-1DF5-4E87-B5EE-A0C93B612032}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-10-22] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-3100691908-1277675892-733824803-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\z7e0d800.default-1440088808982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
Chrome:
=======
StartMenuInternet: Google Chrome.PBDEKFRTSKZSQ5DH3MXB75RVIM - C:\Users\Dell\AppData\Local\Google\Chrome\Application\46.1.2479.0\chromer.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921232 2015-07-23] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-08-28] (SurfRight B.V.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [21256 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [146448 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [66896 2009-10-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [70728 2009-10-22] (McAfee, Inc.)
R2 msdotnetserv_v2050729; C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305040 2015-07-23] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinGraph; C:\Windows\wnavga.exe [7680 2015-05-14] () [File not signed]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [12728 2011-06-15] () [File not signed]
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [206504 2013-07-02] (Fresco Logic)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [61608 2013-07-02] (Fresco Logic)
S3 JamVOXUSBAudioSrv; C:\Windows\System32\drivers\jamvox.sys [105416 2011-12-14] (CEntrance, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91672 2009-10-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343664 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [65448 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [63728 2009-10-22] (McAfee, Inc.)
S3 MUD; C:\Windows\System32\DRIVERS\MUD.sys [51200 2008-02-06] (Magellan)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42344 2015-07-02] (NVIDIA Corporation)
S3 RDID1003; C:\Windows\System32\Drivers\rdwm1003.sys [66530 2005-06-03] (Roland Corporation) [File not signed]
R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [45072 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [24496 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [182056 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-11-04] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dell\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-03 01:54 - 2015-09-03 01:55 - 00016916 _____ C:\Users\Dell\Desktop\FRST.txt
2015-09-03 01:54 - 2015-09-03 01:54 - 00000000 ____D C:\FRST
2015-09-03 01:53 - 2015-09-03 01:37 - 01690624 _____ (Farbar) C:\Users\Dell\Desktop\FRST.exe
2015-09-02 23:47 - 2015-09-02 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-09-02 23:47 - 2015-09-02 23:47 - 00000000 ____D C:\Program Files\Cobian Backup 11
2015-09-02 13:01 - 2009-03-02 16:20 - 00049904 ____R (Avanquest Software) C:\Windows\system32\Drivers\BVRPMPR5.SYS
2015-09-02 13:00 - 2015-09-02 13:00 - 00000000 ____D C:\Netgear
2015-09-02 04:39 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-02 02:23 - 2015-09-02 02:23 - 00074708 _____ C:\Users\Dell\Desktop\HitmanPro_20150902_0223.log
2015-09-02 00:43 - 2015-09-02 00:43 - 00074964 _____ C:\Users\Dell\Desktop\HitmanPro_20150902_0043.log
2015-09-01 22:23 - 2015-09-01 22:35 - 00000043 _____ C:\Users\Dell\Desktop\first redirection url.txt
2015-09-01 22:02 - 2015-09-01 22:02 - 00000106 _____ C:\Users\Dell\Desktop\Bogus Flash Player Uptade URL.txt
2015-08-28 16:41 - 2009-10-22 20:07 - 00343664 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-08-28 16:41 - 2009-10-22 20:07 - 00091672 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-08-28 16:41 - 2009-10-22 20:07 - 00075704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-08-28 16:41 - 2009-10-22 20:07 - 00070728 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-28 16:41 - 2009-10-22 20:07 - 00065448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-08-28 16:41 - 2009-10-22 20:07 - 00063728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfetdik.sys
2015-08-28 16:41 - 2009-10-22 20:07 - 00043288 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-08-28 16:02 - 2015-09-02 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-28 16:01 - 2015-09-02 03:59 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-28 14:51 - 2015-08-28 14:51 - 00000000 ____D C:\Users\Dell\AppData\Local\Deployment
2015-08-28 14:51 - 2015-08-28 14:51 - 00000000 ____D C:\Users\Dell\AppData\Local\Apps\2.0
2015-08-27 21:32 - 2015-09-02 04:02 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-27 21:32 - 2015-08-27 21:32 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Sun
2015-08-27 21:32 - 2015-08-27 21:32 - 00000000 ____D C:\Users\Dell\.oracle_jre_usage
2015-08-22 00:17 - 2009-10-22 20:07 - 00070728 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.5308.deleteme
2015-08-21 23:07 - 2015-08-21 23:09 - 00002446 _____ C:\DelFix.txt
2015-08-21 23:02 - 2015-08-21 23:02 - 00781312 _____ C:\Users\Dell\Downloads\delfix_1.010.exe
2015-08-21 13:51 - 2015-08-21 13:51 - 00000877 _____ C:\Users\Dell\Desktop\Install Windows Internet Explorer.lnk
2015-08-21 08:54 - 2015-08-21 08:54 - 00000008 __RSH C:\Users\Dell\ntuser.pol
2015-08-21 08:54 - 2015-08-21 08:54 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-20 15:58 - 2015-08-20 15:58 - 17269640 _____ C:\Windows\registry.zzz
2015-08-20 15:58 - 2015-08-20 15:58 - 17269640 _____ C:\Windows\registry.daz
2015-08-20 15:15 - 2015-08-20 15:15 - 00000000 ____D C:\Windows\WinRescue
2015-08-20 14:47 - 2015-08-20 15:53 - 00000046 _____ C:\rsq7dir.ini
2015-08-20 14:46 - 2015-09-02 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRescue 7
2015-08-20 14:46 - 2015-08-20 14:54 - 00000000 ____D C:\Program Files\WinRescue 7
2015-08-20 14:46 - 2015-08-20 14:46 - 00000974 _____ C:\Users\Dell\Desktop\WinRescue 7.lnk
2015-08-20 14:44 - 2015-08-20 14:44 - 00946866 _____ (Super Win Software, Inc. ) C:\Users\Dell\Downloads\wnrsq7z.exe
2015-08-20 09:40 - 2015-08-20 09:40 - 00000000 ____D C:\Users\Dell\Desktop\Old Firefox Data
2015-08-19 23:41 - 2015-08-19 23:41 - 00000000 ____D C:\Users\Dell\Downloads\mbam-chameleon-3.1.25.0
2015-08-19 23:38 - 2015-08-19 23:38 - 06383209 _____ C:\Users\Dell\Downloads\mbam-chameleon-3.1.25.0.zip
2015-08-19 15:08 - 2015-08-19 15:08 - 00477498 _____ C:\Users\Dell\Desktop\HitmanPro_20150819_1508.log
2015-08-19 15:06 - 2015-09-02 12:15 - 00000182 _____ C:\Windows\system32\.crusader
2015-08-19 14:46 - 2015-08-19 14:46 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-19 14:46 - 2015-08-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-19 14:45 - 2015-09-02 04:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-19 14:44 - 2015-08-19 15:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-19 14:44 - 2015-08-19 14:44 - 10113976 _____ (SurfRight B.V.) C:\Users\Dell\Downloads\HitmanPro.exe
2015-08-15 02:44 - 2015-08-15 02:44 - 00000000 ____D C:\Users\Dell\Documents\My Kindle Content
2015-08-15 02:43 - 2015-08-15 02:43 - 00001940 _____ C:\Users\Dell\Desktop\Kindle.lnk
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Users\Dell\AppData\Local\Amazon
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Program Files\Amazon
2015-08-12 03:59 - 2015-08-12 03:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-12 03:39 - 2015-08-12 03:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:03 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 17:41 - 2015-07-28 13:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 17:41 - 2015-07-28 13:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 17:41 - 2015-07-28 12:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 17:41 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 17:41 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 17:41 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 17:41 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 17:41 - 2015-07-15 10:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 17:41 - 2015-07-15 10:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 17:41 - 2015-07-15 10:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 17:41 - 2015-07-15 10:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 17:41 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 17:41 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 17:41 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 17:41 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 17:41 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 17:41 - 2015-07-15 09:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 17:41 - 2015-07-15 09:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 17:41 - 2015-07-15 09:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 17:41 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 17:41 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 17:41 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 17:41 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 17:40 - 2015-07-30 09:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 17:40 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 17:40 - 2015-07-16 08:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 17:40 - 2015-07-14 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 17:40 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 17:40 - 2015-05-09 11:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 17:39 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 17:39 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 17:39 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 17:39 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-03 01:30 - 2015-07-30 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-03 00:53 - 2009-11-10 12:09 - 01081696 _____ C:\Windows\WindowsUpdate.log
2015-09-02 23:21 - 2009-07-13 21:34 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-02 23:21 - 2009-07-13 21:34 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-02 23:13 - 2009-07-13 21:39 - 00093592 _____ C:\Windows\setupact.log
2015-09-02 23:12 - 2015-03-18 17:13 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-02 23:12 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-02 22:46 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2015-09-02 21:34 - 2009-11-10 12:20 - 00786514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-02 13:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-02 05:22 - 2015-07-10 04:17 - 00000000 ___HD C:\$Windows.~BT
2015-09-02 04:45 - 2009-11-10 12:05 - 00000000 ____D C:\Windows\Panther
2015-09-02 04:04 - 2009-11-10 12:17 - 00000000 ____D C:\Users\Dell
2015-09-02 04:04 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-02 04:03 - 2015-04-05 11:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-02 04:03 - 2015-03-18 15:20 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-09-02 04:03 - 2009-11-10 12:17 - 00000000 ___RD C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-02 04:03 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-02 04:02 - 2015-07-25 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-02 04:02 - 2015-07-24 19:06 - 00000000 ____D C:\ProgramData\MSNetCore
2015-09-02 04:02 - 2013-08-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessGenius Classic
2015-09-02 04:02 - 2010-04-19 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-09-02 04:02 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\registration
2015-09-02 04:01 - 2015-07-11 23:34 - 00000000 ____D C:\Users\Dell\AppData\Local\Mozilla
2015-09-02 04:00 - 2013-10-29 11:23 - 00000000 ____D C:\ProgramData\Oracle
2015-09-02 04:00 - 2010-04-19 15:17 - 00000000 ____D C:\ProgramData\SlySoft
2015-09-02 03:59 - 2015-07-25 00:39 - 00000000 ____D C:\Program Files\Java
2015-09-02 03:59 - 2015-07-24 11:45 - 00000000 ____D C:\Program Files\McAfee
2015-09-02 03:59 - 2010-04-17 19:49 - 00000000 ____D C:\ProgramData\McAfee
2015-09-02 00:45 - 2015-03-14 01:43 - 00000000 ____D C:\Users\Dell\Desktop\Firefox Bookmarks
2015-08-27 22:39 - 2009-11-10 13:33 - 00348420 _____ C:\Windows\PFRO.log
2015-08-27 21:31 - 2015-07-25 00:41 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-08-25 22:24 - 2010-04-30 17:07 - 00000000 ____D C:\Users\Dell\AppData\Local\Google
2015-08-25 13:47 - 2014-07-20 14:50 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-08-22 17:22 - 2010-09-10 21:57 - 00000000 ____D C:\QUARANTINE
2015-08-22 11:25 - 2011-12-19 23:22 - 00000000 ____D C:\Users\Dell\AppData\Roaming\VOX
2015-08-21 17:15 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2015-08-21 17:05 - 2011-05-04 19:49 - 00000000 ____D C:\ProgramData\TEMP
2015-08-21 08:50 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-08-19 23:42 - 2014-07-20 14:48 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-19 15:06 - 2015-07-24 18:47 - 00000000 ___HD C:\ProgramData\wcd
2015-08-17 01:11 - 2009-11-10 13:11 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-15 02:35 - 2010-04-19 15:15 - 00001059 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2015-08-12 04:14 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 04:02 - 2009-07-13 21:33 - 00405992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:59 - 2014-12-13 12:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:59 - 2014-05-04 11:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:42 - 2009-11-10 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:41 - 2014-10-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:29 - 2013-08-18 11:51 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:15 - 2010-04-17 15:38 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 12:22 - 2013-09-15 13:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 12:22 - 2013-09-15 13:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some files in TEMP:
====================
C:\Users\Dell\AppData\Local\Temp\jre-8u60-windows-au.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-01 16:55
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Dell (2015-09-03 01:57:09)
Running from C:\Users\Dell\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3100691908-1277675892-733824803-500 - Administrator - Disabled)
Dell (S-1-5-21-3100691908-1277675892-733824803-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-3100691908-1277675892-733824803-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3100691908-1277675892-733824803-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Amazon Kindle) (Version: - Amazon)
Anvil Studio 2012 (HKLM\...\{66680918-A08D-486B-B33D-08E90E07E297}) (Version: 12.05.10 - Willow Software)
Anvil Studio 2015 (HKLM\...\{14176C29-2E11-40B7-A28E-E205C90CCEDD}) (Version: 15.03.01 - Willow Software)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.3.0 - SlySoft)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version: - )
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B25A87F2-EA64-4C60-9989-6442FFFAD5E2}) (Version: 3.5.100.0 - Fresco Logic Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
JamVOX (HKLM\...\{B00C01D2-2A74-4FB8-AD86-111C77F3CF7E}) (Version: 2.01.1 - Korg Inc.)
JamVOX USB Driver (HKLM\...\JamVOX USB Driver) (Version: 2.00 - VOX)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{AA951B10-7089-4D60-B288-516E641F48E6}) (Version: 4.0.0.1496 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Firefox 40.0.3 (x86 en-US) (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MysticForest (HKLM\...\{2AAFE1D7-9066-4183-B267-0398A3533E88}) (Version: 1.00.0000 - Phantom EFX)
Nero 8 Essentials (HKLM\...\{470C8EFE-AEB0-402E-B05A-91E08C201033}) (Version: 8.3.416 - Nero AG)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
SlowGold 8 (remove only) (HKLM\...\SlowGold 8) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
WinRescue 7 (HKLM\...\WinRescue 7_is1) (Version: - Super Win Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-08-2015 23:08:44 End of disinfection
22-08-2015 00:11:58 Removed McAfee VirusScan Enterprise
22-08-2015 00:16:46 Installed McAfee VirusScan Enterprise
27-08-2015 22:47:32 Removed McAfee VirusScan Enterprise
27-08-2015 22:52:06 Installed McAfee VirusScan Enterprise
28-08-2015 02:45:56 Removed McAfee VirusScan Enterprise
28-08-2015 16:01:36 Installed McAfee VirusScan Enterprise
28-08-2015 16:17:58 Restore Operation
28-08-2015 16:38:58 Installed McAfee VirusScan Enterprise
28-08-2015 17:17:52 Windows Update
02-09-2015 00:55:36 Removed Java 8 Update 60
02-09-2015 02:41:03 Restore Operation
02-09-2015 04:41:44 Windows Modules Installer
02-09-2015 12:14:34 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-07-21 00:19 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041F6B70-2B33-4DCD-B155-65025B31178B} - System32\Tasks\{276B7AD0-5B21-411F-B142-5702584A97E2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {13996D2D-D8E6-490C-8529-F926ED4C2371} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {3171154D-1F90-41B9-ADA5-83E64AF442AE} - System32\Tasks\{D963EF0B-ADF5-4BF3-A652-5B100FB0BD26} => pcalua.exe -a Z:\Driver\7_VISTA\275.33-desktop-win7-winvista-32bit-international-whql.exe -d Z:\Driver\7_VISTA
Task: {3E7036FC-2512-4D85-BDFE-5C706832C5E1} - System32\Tasks\Opera scheduled Autoupdate 1437788717 => C:\Program Files\Opera\launcher.exe
Task: {49AF37E2-8F97-49B8-9F75-19427D66BF89} - System32\Tasks\{7A98948C-E327-4AF0-9EE4-204F4F65A7CD} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {50C3C20C-E8BD-4624-806F-8DAE6135F817} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {5831F863-8549-4ABE-9809-87262B7840D5} - System32\Tasks\{53FB7BC8-9D76-456C-B065-D5D577487EC2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {6702454A-3271-4208-8189-A06E6B8C42A0} - System32\Tasks\{52EB4529-17E8-4EEF-AA6E-5ED4414939A3} => pcalua.exe -a "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08\Adobe Reader 8.1.1.exe" -d "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08"
Task: {7B6483AD-F060-4107-92F4-5B76AA648008} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Dell\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {86A1B481-F269-40C7-8192-8C1EA2DF5D98} - System32\Tasks\{64B9FEDE-FCCD-4CCF-A57C-75BCB6170DEE} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {9BE562B6-9B09-41DB-81D2-3E5F07D77DD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9C8B0654-63BC-41B8-98E0-3172CABDCD51} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {A3B60325-9595-4583-9805-0B1E6C2D52D9} - System32\Tasks\{277FF890-3C4C-4344-97FC-16E2E05591EC} => pcalua.exe -a E:\QTW212\QTW95.EXE -d E:\QTW212
Task: {A9A4B8B7-5D8A-4216-8F1F-B651348ABE5B} - System32\Tasks\{B1EA5603-7F5E-4DB0-A08E-009D686205E1} => pcalua.exe -a "C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSLOHOY2\SlowGold804Setup.exe" -d C:\Users\Dell\Desktop
Task: {B4878320-F7E1-4325-9940-6FCA254498BE} - System32\Tasks\{AE696145-622D-40D5-8045-3DF25F386B16} => pcalua.exe -a "C:\SWSetup\SP42970\Win smartflash\H653N_hb02.exe" -d "C:\SWSetup\SP42970\Win smartflash"
Task: {D86002D9-3789-4427-9894-321E9C89770E} - System32\Tasks\{B2FFB8CA-55E3-4DCC-A782-664A7442771A} => pcalua.exe -a C:\Users\Dell\Downloads\SlowGoldSetup.exe -d C:\Users\Dell\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-25 01:21 - 2015-07-22 17:52 - 00106312 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2009-08-25 16:00 - 2009-08-25 16:00 - 00057344 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2015-07-24 23:26 - 2014-11-04 02:38 - 00867080 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\UNO\UNO.dll
2015-07-24 23:25 - 2013-12-10 00:39 - 00074240 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00285184 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00040960 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00721920 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2015-07-25 00:59 - 2015-07-23 21:22 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2011-12-19 09:11 - 2011-12-19 09:11 - 02899968 _____ () C:\Program Files\VOX\JamVOX\JVExec.exe
2011-12-15 04:22 - 2011-12-15 04:22 - 00018432 _____ () C:\Program Files\VOX\JamVOX\jamvoxdevice.dll
2015-07-24 18:44 - 2015-05-14 00:03 - 00007680 _____ () C:\Windows\wnavga.exe
2009-10-22 20:07 - 2009-10-22 20:07 - 00148816 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WebrootSpySweeperService => 2
MSCONFIG\Services: WRConsumerService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BE567EA-2410-4BC1-B2E9-86F4EFA0B317}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{AB8AD4BF-9D76-4C54-8F3A-288121579E0F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{C3B31D00-9723-478F-BBE0-5CCB328DD478}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{C2392448-8C62-4816-9591-EE581ED7F28F}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{6ED2FA06-1544-4237-BC46-9F58AAB18BC8}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0D54F720-E2FF-4F1F-A0AC-724E048F0624}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F99E5F49-4E56-48FC-AC1B-86D8B57425CB}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [UDP Query User{70393654-EB65-486D-8E40-789516DC9528}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [TCP Query User{A14256DD-3C45-469C-A999-0C6AD3917171}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [UDP Query User{A573EF0F-0183-4ED8-85EC-BD18E0B87C8F}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [{C1698713-4799-4F02-BE13-A926DF898178}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A69B1F3-D1F9-44C9-A4A2-FCCEA3F03D06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CC8ABFD-BD9D-4462-91ED-D25D23781E94}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EC22E18-CC5A-4445-9EAC-0411DF44DE69}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1036F8C4-AA51-41E8-9069-0DC49E58520F}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{13709C97-F6E6-4B48-A65C-F5B46D2D9E1A}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{0CF80FCC-5EE3-4EEE-AB85-FC54229DAA71}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F2AD2B14-4A68-43F5-ADE9-5C4A51CD1BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9142BA78-A567-40A2-85B6-8E726D317200}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2CBEEADF-BF71-4F84-91BA-C80461AC5477}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F70C1E39-25F9-4839-900C-36F67CDE6D94}] => (Allow) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{9A85AD93-742A-40E0-9604-2A2B18619C0D}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{13929BD5-1E50-42B7-9B6B-56BCC2796753}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{5565DC75-9BE3-4FCD-BF68-854DAFC2260E}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{F8C2D9CA-0310-41E7-87F6-69DFED46E519}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A69E9117-981E-4F0D-8416-20AF02C1AB91}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A8505EBF-8A9B-42B2-A609-2A83C3B2C5AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ABA29D6B-CCD7-4176-9A72-A8C13F75FBF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA705B42-BDA5-41D3-81EA-67FFF71B2567}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D7332724-38FE-4C48-B06C-2B58607D4528}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6622C8D5-646C-489E-94D4-A73EB0FDCEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 11:12:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (09/02/2015 11:12:54 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 11:12:54 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 11:12:54 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:55:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (09/02/2015 10:55:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:55:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:55:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:37:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: comctl32.dll, version: 6.10.7601.18837, time stamp: 0x553a8345
Exception code: 0xc0000005
Fault offset: 0x0009b571
Faulting process id: 0x754
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/02/2015 12:42:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x10dc
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3


System errors:
=============
Error: (09/02/2015 11:13:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/02/2015 10:55:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/02/2015 09:30:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 09:30:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 09:30:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 09:30:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 01:01:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BVRPMPR5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (09/02/2015 12:36:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/02/2015 12:32:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/02/2015 12:18:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-07-24 18:47:07.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:47:06.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:39.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:37.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:20.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:20.538
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3454.14 MB
Available physical RAM: 2206.87 MB
Total Virtual: 6906.59 MB
Available Virtual: 5657.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.98 GB) (Free:108.77 GB) NTFS
Drive d: () (Fixed) (Total:232.78 GB) (Free:189.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (LEXAR MEDIA) (Removable) (Total:1.94 GB) (Free:0.7 GB) FAT
Drive f: (Segate 1.5 Tb) (Fixed) (Total:1397.26 GB) (Free:1052.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 84315601)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 644A5262)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=04)

==================== End of Addition.txt ============================



Edited by Oh My!, 18 September 2015 - 09:39 AM.
Deactivated the link~



 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:40 PM

Posted 03 September 2015 - 05:05 AM

Hey, :)

 

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 stealth1

stealth1
  • Topic Starter

  • Members
  • 102 posts
  • Local time:10:40 AM

Posted 04 September 2015 - 01:33 AM

I do hope you received the log files' contents I sent you this afternoon. Being that I am brand new here, I may not have sent them in the proper manner. I think I sent them to your PM, but I'm not sure. Please let me know if I need to resend them to you.

Thank you.

#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:40 PM

Posted 05 September 2015 - 07:12 AM

Please send them directly into this thread. :)


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 stealth1

stealth1
  • Topic Starter

  • Members
  • 102 posts
  • Local time:10:40 AM

Posted 05 September 2015 - 11:21 AM

Here are the results of the Malwarebytes scan log:

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/3/2015
Scan Time: 10:25 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.03.06
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Dell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354835


 

Time Elapsed: 1 hr, 7 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Here are the results of the Adware Cleaner log file:

 

# AdwCleaner v5.005 - Logfile created 03/09/2015 at 12:59:15
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\SereneScreen

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [912 bytes] ##########
 


Here are the results of the JRT scan:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x86
Ran by Dell on Thu 09/03/2015 at 12:18:22.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\z7e0d800.default-1440088808982\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/03/2015 at 12:23:03.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

# Post edited by Machiavelli

 

 


Edited by Machiavelli, 06 September 2015 - 12:35 PM.


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:40 PM

Posted 06 September 2015 - 12:36 PM

Sorry for the delay.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 stealth1

stealth1
  • Topic Starter

  • Members
  • 102 posts
  • Local time:10:40 AM

Posted 06 September 2015 - 01:40 PM

I guess I did not send the "addition.txt" at the top of this thread. So, here are the contents of that log that I got from September 3rd:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Dell (2015-09-03 01:57:09)
Running from C:\Users\Dell\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3100691908-1277675892-733824803-500 - Administrator - Disabled)
Dell (S-1-5-21-3100691908-1277675892-733824803-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-3100691908-1277675892-733824803-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3100691908-1277675892-733824803-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Amazon Kindle) (Version:  - Amazon)
Anvil Studio 2012 (HKLM\...\{66680918-A08D-486B-B33D-08E90E07E297}) (Version: 12.05.10 - Willow Software)
Anvil Studio 2015 (HKLM\...\{14176C29-2E11-40B7-A28E-E205C90CCEDD}) (Version: 15.03.01 - Willow Software)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.3.0 - SlySoft)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B25A87F2-EA64-4C60-9989-6442FFFAD5E2}) (Version: 3.5.100.0 - Fresco Logic Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
JamVOX (HKLM\...\{B00C01D2-2A74-4FB8-AD86-111C77F3CF7E}) (Version: 2.01.1 - Korg Inc.)
JamVOX USB Driver (HKLM\...\JamVOX USB Driver) (Version: 2.00 - VOX)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{AA951B10-7089-4D60-B288-516E641F48E6}) (Version: 4.0.0.1496 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Firefox 40.0.3 (x86 en-US) (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MysticForest (HKLM\...\{2AAFE1D7-9066-4183-B267-0398A3533E88}) (Version: 1.00.0000 - Phantom EFX)
Nero 8 Essentials (HKLM\...\{470C8EFE-AEB0-402E-B05A-91E08C201033}) (Version: 8.3.416 - Nero AG)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
SlowGold 8 (remove only) (HKLM\...\SlowGold 8) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
WinRescue 7 (HKLM\...\WinRescue 7_is1) (Version:  - Super Win Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-08-2015 23:08:44 End of disinfection
22-08-2015 00:11:58 Removed McAfee VirusScan Enterprise
22-08-2015 00:16:46 Installed McAfee VirusScan Enterprise
27-08-2015 22:47:32 Removed McAfee VirusScan Enterprise
27-08-2015 22:52:06 Installed McAfee VirusScan Enterprise
28-08-2015 02:45:56 Removed McAfee VirusScan Enterprise
28-08-2015 16:01:36 Installed McAfee VirusScan Enterprise
28-08-2015 16:17:58 Restore Operation
28-08-2015 16:38:58 Installed McAfee VirusScan Enterprise
28-08-2015 17:17:52 Windows Update
02-09-2015 00:55:36 Removed Java 8 Update 60
02-09-2015 02:41:03 Restore Operation
02-09-2015 04:41:44 Windows Modules Installer
02-09-2015 12:14:34 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-07-21 00:19 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.1    mssplus.mcafee.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041F6B70-2B33-4DCD-B155-65025B31178B} - System32\Tasks\{276B7AD0-5B21-411F-B142-5702584A97E2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {13996D2D-D8E6-490C-8529-F926ED4C2371} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {3171154D-1F90-41B9-ADA5-83E64AF442AE} - System32\Tasks\{D963EF0B-ADF5-4BF3-A652-5B100FB0BD26} => pcalua.exe -a Z:\Driver\7_VISTA\275.33-desktop-win7-winvista-32bit-international-whql.exe -d Z:\Driver\7_VISTA
Task: {3E7036FC-2512-4D85-BDFE-5C706832C5E1} - System32\Tasks\Opera scheduled Autoupdate 1437788717 => C:\Program Files\Opera\launcher.exe
Task: {49AF37E2-8F97-49B8-9F75-19427D66BF89} - System32\Tasks\{7A98948C-E327-4AF0-9EE4-204F4F65A7CD} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {50C3C20C-E8BD-4624-806F-8DAE6135F817} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {5831F863-8549-4ABE-9809-87262B7840D5} - System32\Tasks\{53FB7BC8-9D76-456C-B065-D5D577487EC2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {6702454A-3271-4208-8189-A06E6B8C42A0} - System32\Tasks\{52EB4529-17E8-4EEF-AA6E-5ED4414939A3} => pcalua.exe -a "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08\Adobe Reader 8.1.1.exe" -d "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08"
Task: {7B6483AD-F060-4107-92F4-5B76AA648008} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Dell\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {86A1B481-F269-40C7-8192-8C1EA2DF5D98} - System32\Tasks\{64B9FEDE-FCCD-4CCF-A57C-75BCB6170DEE} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {9BE562B6-9B09-41DB-81D2-3E5F07D77DD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9C8B0654-63BC-41B8-98E0-3172CABDCD51} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {A3B60325-9595-4583-9805-0B1E6C2D52D9} - System32\Tasks\{277FF890-3C4C-4344-97FC-16E2E05591EC} => pcalua.exe -a E:\QTW212\QTW95.EXE -d E:\QTW212
Task: {A9A4B8B7-5D8A-4216-8F1F-B651348ABE5B} - System32\Tasks\{B1EA5603-7F5E-4DB0-A08E-009D686205E1} => pcalua.exe -a "C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSLOHOY2\SlowGold804Setup.exe" -d C:\Users\Dell\Desktop
Task: {B4878320-F7E1-4325-9940-6FCA254498BE} - System32\Tasks\{AE696145-622D-40D5-8045-3DF25F386B16} => pcalua.exe -a "C:\SWSetup\SP42970\Win smartflash\H653N_hb02.exe" -d "C:\SWSetup\SP42970\Win smartflash"
Task: {D86002D9-3789-4427-9894-321E9C89770E} - System32\Tasks\{B2FFB8CA-55E3-4DCC-A782-664A7442771A} => pcalua.exe -a C:\Users\Dell\Downloads\SlowGoldSetup.exe -d C:\Users\Dell\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-25 01:21 - 2015-07-22 17:52 - 00106312 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2009-08-25 16:00 - 2009-08-25 16:00 - 00057344 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2015-07-24 23:26 - 2014-11-04 02:38 - 00867080 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\UNO\UNO.dll
2015-07-24 23:25 - 2013-12-10 00:39 - 00074240 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00285184 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00040960 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00721920 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2015-07-25 00:59 - 2015-07-23 21:22 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2011-12-19 09:11 - 2011-12-19 09:11 - 02899968 _____ () C:\Program Files\VOX\JamVOX\JVExec.exe
2011-12-15 04:22 - 2011-12-15 04:22 - 00018432 _____ () C:\Program Files\VOX\JamVOX\jamvoxdevice.dll
2015-07-24 18:44 - 2015-05-14 00:03 - 00007680 _____ () C:\Windows\wnavga.exe
2009-10-22 20:07 - 2009-10-22 20:07 - 00148816 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WebrootSpySweeperService => 2
MSCONFIG\Services: WRConsumerService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BE567EA-2410-4BC1-B2E9-86F4EFA0B317}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{AB8AD4BF-9D76-4C54-8F3A-288121579E0F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{C3B31D00-9723-478F-BBE0-5CCB328DD478}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{C2392448-8C62-4816-9591-EE581ED7F28F}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{6ED2FA06-1544-4237-BC46-9F58AAB18BC8}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0D54F720-E2FF-4F1F-A0AC-724E048F0624}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F99E5F49-4E56-48FC-AC1B-86D8B57425CB}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [UDP Query User{70393654-EB65-486D-8E40-789516DC9528}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [TCP Query User{A14256DD-3C45-469C-A999-0C6AD3917171}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [UDP Query User{A573EF0F-0183-4ED8-85EC-BD18E0B87C8F}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [{C1698713-4799-4F02-BE13-A926DF898178}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A69B1F3-D1F9-44C9-A4A2-FCCEA3F03D06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CC8ABFD-BD9D-4462-91ED-D25D23781E94}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EC22E18-CC5A-4445-9EAC-0411DF44DE69}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1036F8C4-AA51-41E8-9069-0DC49E58520F}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{13709C97-F6E6-4B48-A65C-F5B46D2D9E1A}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{0CF80FCC-5EE3-4EEE-AB85-FC54229DAA71}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F2AD2B14-4A68-43F5-ADE9-5C4A51CD1BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9142BA78-A567-40A2-85B6-8E726D317200}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2CBEEADF-BF71-4F84-91BA-C80461AC5477}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F70C1E39-25F9-4839-900C-36F67CDE6D94}] => (Allow) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{9A85AD93-742A-40E0-9604-2A2B18619C0D}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{13929BD5-1E50-42B7-9B6B-56BCC2796753}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{5565DC75-9BE3-4FCD-BF68-854DAFC2260E}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{F8C2D9CA-0310-41E7-87F6-69DFED46E519}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A69E9117-981E-4F0D-8416-20AF02C1AB91}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A8505EBF-8A9B-42B2-A609-2A83C3B2C5AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ABA29D6B-CCD7-4176-9A72-A8C13F75FBF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA705B42-BDA5-41D3-81EA-67FFF71B2567}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D7332724-38FE-4C48-B06C-2B58607D4528}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6622C8D5-646C-489E-94D4-A73EB0FDCEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 11:12:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (09/02/2015 11:12:54 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 11:12:54 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 11:12:54 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:55:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (09/02/2015 10:55:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:55:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:55:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/02/2015 10:37:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: comctl32.dll, version: 6.10.7601.18837, time stamp: 0x553a8345
Exception code: 0xc0000005
Fault offset: 0x0009b571
Faulting process id: 0x754
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/02/2015 12:42:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x10dc
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3


System errors:
=============
Error: (09/02/2015 11:13:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/02/2015 10:55:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/02/2015 09:30:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 09:30:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 09:30:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 09:30:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/02/2015 01:01:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BVRPMPR5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (09/02/2015 12:36:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/02/2015 12:32:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/02/2015 12:18:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.


Microsoft Office:
=========================

CodeIntegrity:
===================================
  Date: 2015-07-24 18:47:07.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:47:06.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:39.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:37.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:20.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:20.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3454.14 MB
Available physical RAM: 2206.87 MB
Total Virtual: 6906.59 MB
Available Virtual: 5657.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.98 GB) (Free:108.77 GB) NTFS
Drive d: () (Fixed) (Total:232.78 GB) (Free:189.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (LEXAR MEDIA) (Removable) (Total:1.94 GB) (Free:0.7 GB) FAT
Drive f: (Segate 1.5 Tb) (Fixed) (Total:1397.26 GB) (Free:1052.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 84315601)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 644A5262)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=04)

==================== End of Addition.txt ============================



#8 Machiavelli

  • Malware Response Instructor

Posted 06 September 2015 - 01:50 PM

But I need fresh logs.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 stealth1

  • Topic Starter

Posted 06 September 2015 - 01:53 PM

Here are the logs of a new FRST scan today:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-09-2015 01
Ran by Dell (administrator) on DELL-PC (06-09-2015 11:43:06)
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Copyright © Microsoft 2015) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(DivX, LLC) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\VOX\JamVOX\JVExec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_18_0_0_209_ActiveX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Windows\wnavga.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-10-22] (McAfee, Inc.)
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-08-27] (SlySoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JVExec.lnk [2015-07-27]
ShortcutTarget: JVExec.lnk -> C:\Program Files\VOX\JamVOX\JVExec.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A26F39FA-D455-4966-A2BA-1558291DCF02}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{B1CF5972-030E-4B7F-99F5-47D6EE5C87EC}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{B2B1B70D-1DF5-4E87-B5EE-A0C93B612032}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-10-22] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-3100691908-1277675892-733824803-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\z7e0d800.default-1440088808982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)

Chrome:
=======
StartMenuInternet: Google Chrome.PBDEKFRTSKZSQ5DH3MXB75RVIM - C:\Users\Dell\AppData\Local\Google\Chrome\Application\46.1.2479.0\chromer.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921232 2015-07-23] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-08-28] (SurfRight B.V.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [21256 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [146448 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [66896 2009-10-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [70728 2009-10-22] (McAfee, Inc.)
R2 msdotnetserv_v2050729; C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305040 2015-07-23] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinGraph; C:\Windows\wnavga.exe [7680 2015-05-14] () [File not signed]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [12728 2011-06-15] () [File not signed]
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [206504 2013-07-02] (Fresco Logic)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [61608 2013-07-02] (Fresco Logic)
S3 JamVOXUSBAudioSrv; C:\Windows\System32\drivers\jamvox.sys [105416 2011-12-14] (CEntrance, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91672 2009-10-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343664 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [65448 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [63728 2009-10-22] (McAfee, Inc.)
S3 MUD; C:\Windows\System32\DRIVERS\MUD.sys [51200 2008-02-06] (Magellan)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42344 2015-07-02] (NVIDIA Corporation)
S3 RDID1003; C:\Windows\System32\Drivers\rdwm1003.sys [66530 2005-06-03] (Roland Corporation) [File not signed]
R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [45072 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [24496 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [182056 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-11-04] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dell\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 11:42 - 2015-09-06 11:42 - 00000000 ____D C:\Users\Dell\Desktop\FRST-OlderVersion
2015-09-04 03:01 - 2015-08-13 04:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-04 03:01 - 2015-08-13 03:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-03 13:19 - 2009-10-22 20:07 - 00343664 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00091672 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00075704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00070728 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-09-03 13:19 - 2009-10-22 20:07 - 00065448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00063728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfetdik.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00043288 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-09-03 13:18 - 2015-09-03 13:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-03 12:54 - 2015-09-03 12:59 - 00000000 ____D C:\AdwCleaner
2015-09-03 12:23 - 2015-09-03 12:23 - 00000860 _____ C:\Users\Dell\Desktop\JRT.txt
2015-09-03 12:03 - 2015-09-03 10:34 - 01654272 _____ C:\Users\Dell\Desktop\AdwCleaner.exe
2015-09-03 12:03 - 2015-09-03 10:32 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Dell\Desktop\JRT.exe
2015-09-03 01:57 - 2015-09-03 01:59 - 00030753 _____ C:\Users\Dell\Desktop\Addition.txt
2015-09-03 01:54 - 2015-09-06 11:43 - 00016917 _____ C:\Users\Dell\Desktop\FRST.txt
2015-09-03 01:54 - 2015-09-06 11:43 - 00000000 ____D C:\FRST
2015-09-03 01:53 - 2015-09-06 11:42 - 01692160 _____ (Farbar) C:\Users\Dell\Desktop\FRST.exe
2015-09-03 00:57 - 2015-07-25 13:25 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-03 00:57 - 2015-07-25 13:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-03 00:57 - 2015-07-25 13:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-03 00:57 - 2015-07-25 11:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-03 00:57 - 2015-07-25 10:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-09-02 23:47 - 2015-09-02 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-09-02 23:47 - 2015-09-02 23:47 - 00000000 ____D C:\Program Files\Cobian Backup 11
2015-09-02 13:01 - 2009-03-02 16:20 - 00049904 ____R (Avanquest Software) C:\Windows\system32\Drivers\BVRPMPR5.SYS
2015-09-02 13:00 - 2015-09-02 13:00 - 00000000 ____D C:\Netgear
2015-09-02 04:39 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-02 02:23 - 2015-09-02 02:23 - 00074708 _____ C:\Users\Dell\Desktop\HitmanPro_20150902_0223.log
2015-09-02 00:43 - 2015-09-02 00:43 - 00074964 _____ C:\Users\Dell\Desktop\HitmanPro_20150902_0043.log
2015-09-01 22:23 - 2015-09-01 22:35 - 00000043 _____ C:\Users\Dell\Desktop\first redirection url.txt
2015-09-01 22:02 - 2015-09-01 22:02 - 00000106 _____ C:\Users\Dell\Desktop\Bogus Flash Player Uptade URL.txt
2015-08-28 16:02 - 2015-09-03 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-28 14:51 - 2015-08-28 14:51 - 00000000 ____D C:\Users\Dell\AppData\Local\Deployment
2015-08-28 14:51 - 2015-08-28 14:51 - 00000000 ____D C:\Users\Dell\AppData\Local\Apps\2.0
2015-08-27 21:32 - 2015-09-02 04:02 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-27 21:32 - 2015-08-27 21:32 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Sun
2015-08-27 21:32 - 2015-08-27 21:32 - 00000000 ____D C:\Users\Dell\.oracle_jre_usage
2015-08-22 00:17 - 2009-10-22 20:07 - 00070728 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.5308.deleteme
2015-08-21 23:07 - 2015-08-21 23:09 - 00002446 _____ C:\DelFix.txt
2015-08-21 23:02 - 2015-08-21 23:02 - 00781312 _____ C:\Users\Dell\Downloads\delfix_1.010.exe
2015-08-21 13:51 - 2015-08-21 13:51 - 00000877 _____ C:\Users\Dell\Desktop\Install Windows Internet Explorer.lnk
2015-08-20 15:58 - 2015-08-20 15:58 - 17269640 _____ C:\Windows\registry.zzz
2015-08-20 15:58 - 2015-08-20 15:58 - 17269640 _____ C:\Windows\registry.daz
2015-08-20 15:15 - 2015-08-20 15:15 - 00000000 ____D C:\Windows\WinRescue
2015-08-20 14:47 - 2015-08-20 15:53 - 00000046 _____ C:\rsq7dir.ini
2015-08-20 14:46 - 2015-09-02 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRescue 7
2015-08-20 14:46 - 2015-08-20 14:54 - 00000000 ____D C:\Program Files\WinRescue 7
2015-08-20 14:46 - 2015-08-20 14:46 - 00000974 _____ C:\Users\Dell\Desktop\WinRescue 7.lnk
2015-08-20 14:44 - 2015-08-20 14:44 - 00946866 _____ (Super Win Software, Inc. ) C:\Users\Dell\Downloads\wnrsq7z.exe
2015-08-20 09:40 - 2015-08-20 09:40 - 00000000 ____D C:\Users\Dell\Desktop\Old Firefox Data
2015-08-19 23:41 - 2015-08-19 23:41 - 00000000 ____D C:\Users\Dell\Downloads\mbam-chameleon-3.1.25.0
2015-08-19 23:38 - 2015-08-19 23:38 - 06383209 _____ C:\Users\Dell\Downloads\mbam-chameleon-3.1.25.0.zip
2015-08-19 15:08 - 2015-08-19 15:08 - 00477498 _____ C:\Users\Dell\Desktop\HitmanPro_20150819_1508.log
2015-08-19 15:06 - 2015-09-02 12:15 - 00000182 _____ C:\Windows\system32\.crusader
2015-08-19 14:46 - 2015-08-19 14:46 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-19 14:46 - 2015-08-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-19 14:45 - 2015-09-02 04:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-19 14:44 - 2015-08-19 15:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-19 14:44 - 2015-08-19 14:44 - 10113976 _____ (SurfRight B.V.) C:\Users\Dell\Downloads\HitmanPro.exe
2015-08-15 02:44 - 2015-08-15 02:44 - 00000000 ____D C:\Users\Dell\Documents\My Kindle Content
2015-08-15 02:43 - 2015-08-15 02:43 - 00001940 _____ C:\Users\Dell\Desktop\Kindle.lnk
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Users\Dell\AppData\Local\Amazon
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Program Files\Amazon
2015-08-12 03:59 - 2015-08-12 03:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-12 03:39 - 2015-08-12 03:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:03 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 17:41 - 2015-07-28 13:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 17:41 - 2015-07-28 13:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 17:41 - 2015-07-28 12:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 17:41 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 17:41 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 17:41 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 17:41 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 17:41 - 2015-07-15 10:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 17:41 - 2015-07-15 10:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 17:41 - 2015-07-15 10:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 17:41 - 2015-07-15 10:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 17:41 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 17:41 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 17:41 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 17:41 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 17:41 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 17:41 - 2015-07-15 09:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 17:41 - 2015-07-15 09:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 17:41 - 2015-07-15 09:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 17:41 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 17:41 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 17:41 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 17:41 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 17:40 - 2015-07-30 09:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 17:40 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 17:40 - 2015-07-16 08:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 17:40 - 2015-07-14 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 17:40 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 17:40 - 2015-05-09 11:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 17:39 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 17:39 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 17:39 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 17:39 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 11:30 - 2015-07-30 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-06 08:42 - 2009-07-13 21:34 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 08:42 - 2009-07-13 21:34 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 07:04 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2015-09-04 12:16 - 2009-11-10 12:09 - 01327417 _____ C:\Windows\WindowsUpdate.log
2015-09-04 12:15 - 2009-11-10 12:05 - 00000000 ____D C:\Windows\Panther
2015-09-04 03:19 - 2015-03-18 17:13 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-04 03:19 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 03:19 - 2009-07-13 21:39 - 00094264 _____ C:\Windows\setupact.log
2015-09-03 17:20 - 2009-11-10 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-03 13:18 - 2015-07-24 11:45 - 00000000 ____D C:\Program Files\McAfee
2015-09-03 13:18 - 2010-04-17 19:49 - 00000000 ____D C:\ProgramData\McAfee
2015-09-03 12:19 - 2009-11-10 12:17 - 00000000 ____D C:\Users\Dell
2015-09-03 10:25 - 2014-07-20 14:50 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-09-03 10:07 - 2010-04-19 15:15 - 00001059 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2015-09-02 21:34 - 2009-11-10 12:20 - 00786514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-02 13:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-02 05:22 - 2015-07-10 04:17 - 00000000 ___HD C:\$Windows.~BT
2015-09-02 04:04 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-02 04:03 - 2015-04-05 11:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-02 04:03 - 2015-03-18 15:20 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-09-02 04:03 - 2009-11-10 12:17 - 00000000 ___RD C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-02 04:03 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-02 04:02 - 2015-07-25 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-02 04:02 - 2015-07-24 19:06 - 00000000 ____D C:\ProgramData\MSNetCore
2015-09-02 04:02 - 2013-08-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessGenius Classic
2015-09-02 04:02 - 2010-04-19 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-09-02 04:02 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\registration
2015-09-02 04:01 - 2015-07-11 23:34 - 00000000 ____D C:\Users\Dell\AppData\Local\Mozilla
2015-09-02 04:00 - 2013-10-29 11:23 - 00000000 ____D C:\ProgramData\Oracle
2015-09-02 04:00 - 2010-04-19 15:17 - 00000000 ____D C:\ProgramData\SlySoft
2015-09-02 03:59 - 2015-07-25 00:39 - 00000000 ____D C:\Program Files\Java
2015-09-02 00:45 - 2015-03-14 01:43 - 00000000 ____D C:\Users\Dell\Desktop\Firefox Bookmarks
2015-08-27 22:39 - 2009-11-10 13:33 - 00348420 _____ C:\Windows\PFRO.log
2015-08-27 21:31 - 2015-07-25 00:41 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-08-25 22:24 - 2010-04-30 17:07 - 00000000 ____D C:\Users\Dell\AppData\Local\Google
2015-08-22 17:22 - 2010-09-10 21:57 - 00000000 ____D C:\QUARANTINE
2015-08-22 11:25 - 2011-12-19 23:22 - 00000000 ____D C:\Users\Dell\AppData\Roaming\VOX
2015-08-21 17:15 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2015-08-21 17:05 - 2011-05-04 19:49 - 00000000 ____D C:\ProgramData\TEMP
2015-08-21 08:50 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-08-19 23:42 - 2014-07-20 14:48 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-19 15:06 - 2015-07-24 18:47 - 00000000 ___HD C:\ProgramData\wcd
2015-08-17 01:11 - 2009-11-10 13:11 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-12 04:14 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 04:02 - 2009-07-13 21:33 - 00405992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:59 - 2014-12-13 12:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:59 - 2014-05-04 11:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:41 - 2014-10-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:29 - 2013-08-18 11:51 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:15 - 2010-04-17 15:38 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 12:22 - 2013-09-15 13:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 12:22 - 2013-09-15 13:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
C:\Users\Dell\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Dell\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 16:55

==================== End of FRST.txt ============================

Here are the results from today's scan for the Additional.txt log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Dell (2015-09-06 11:45:04)
Running from C:\Users\Dell\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-11-10 19:17:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3100691908-1277675892-733824803-500 - Administrator - Disabled)
Dell (S-1-5-21-3100691908-1277675892-733824803-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-3100691908-1277675892-733824803-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3100691908-1277675892-733824803-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Amazon Kindle) (Version:  - Amazon)
Anvil Studio 2012 (HKLM\...\{66680918-A08D-486B-B33D-08E90E07E297}) (Version: 12.05.10 - Willow Software)
Anvil Studio 2015 (HKLM\...\{14176C29-2E11-40B7-A28E-E205C90CCEDD}) (Version: 15.03.01 - Willow Software)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B25A87F2-EA64-4C60-9989-6442FFFAD5E2}) (Version: 3.5.100.0 - Fresco Logic Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
JamVOX (HKLM\...\{B00C01D2-2A74-4FB8-AD86-111C77F3CF7E}) (Version: 2.01.1 - Korg Inc.)
JamVOX USB Driver (HKLM\...\JamVOX USB Driver) (Version: 2.00 - VOX)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{AA951B10-7089-4D60-B288-516E641F48E6}) (Version: 4.0.0.1496 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Firefox 40.0.3 (x86 en-US) (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MysticForest (HKLM\...\{2AAFE1D7-9066-4183-B267-0398A3533E88}) (Version: 1.00.0000 - Phantom EFX)
Nero 8 Essentials (HKLM\...\{470C8EFE-AEB0-402E-B05A-91E08C201033}) (Version: 8.3.416 - Nero AG)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
SlowGold 8 (remove only) (HKLM\...\SlowGold 8) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
WinRescue 7 (HKLM\...\WinRescue 7_is1) (Version:  - Super Win Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-08-2015 02:45:56 Removed McAfee VirusScan Enterprise
28-08-2015 16:01:36 Installed McAfee VirusScan Enterprise
28-08-2015 16:17:58 Restore Operation
28-08-2015 16:38:58 Installed McAfee VirusScan Enterprise
28-08-2015 17:17:52 Windows Update
02-09-2015 00:55:36 Removed Java 8 Update 60
02-09-2015 02:41:03 Restore Operation
02-09-2015 04:41:44 Windows Modules Installer
02-09-2015 12:14:34 Checkpoint by HitmanPro
03-09-2015 03:00:43 Windows Update
03-09-2015 12:13:35 Removed McAfee VirusScan Enterprise
03-09-2015 12:18:22 JRT Pre-Junkware Removal
03-09-2015 13:18:15 Installed McAfee VirusScan Enterprise
04-09-2015 03:00:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-07-21 00:19 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.1    mssplus.mcafee.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041F6B70-2B33-4DCD-B155-65025B31178B} - System32\Tasks\{276B7AD0-5B21-411F-B142-5702584A97E2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {13996D2D-D8E6-490C-8529-F926ED4C2371} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {3171154D-1F90-41B9-ADA5-83E64AF442AE} - System32\Tasks\{D963EF0B-ADF5-4BF3-A652-5B100FB0BD26} => pcalua.exe -a Z:\Driver\7_VISTA\275.33-desktop-win7-winvista-32bit-international-whql.exe -d Z:\Driver\7_VISTA
Task: {3E7036FC-2512-4D85-BDFE-5C706832C5E1} - System32\Tasks\Opera scheduled Autoupdate 1437788717 => C:\Program Files\Opera\launcher.exe
Task: {49AF37E2-8F97-49B8-9F75-19427D66BF89} - System32\Tasks\{7A98948C-E327-4AF0-9EE4-204F4F65A7CD} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {50C3C20C-E8BD-4624-806F-8DAE6135F817} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {5831F863-8549-4ABE-9809-87262B7840D5} - System32\Tasks\{53FB7BC8-9D76-456C-B065-D5D577487EC2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {6702454A-3271-4208-8189-A06E6B8C42A0} - System32\Tasks\{52EB4529-17E8-4EEF-AA6E-5ED4414939A3} => pcalua.exe -a "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08\Adobe Reader 8.1.1.exe" -d "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08"
Task: {7B6483AD-F060-4107-92F4-5B76AA648008} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Dell\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {86A1B481-F269-40C7-8192-8C1EA2DF5D98} - System32\Tasks\{64B9FEDE-FCCD-4CCF-A57C-75BCB6170DEE} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {9BE562B6-9B09-41DB-81D2-3E5F07D77DD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9C8B0654-63BC-41B8-98E0-3172CABDCD51} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {A3B60325-9595-4583-9805-0B1E6C2D52D9} - System32\Tasks\{277FF890-3C4C-4344-97FC-16E2E05591EC} => pcalua.exe -a E:\QTW212\QTW95.EXE -d E:\QTW212
Task: {A9A4B8B7-5D8A-4216-8F1F-B651348ABE5B} - System32\Tasks\{B1EA5603-7F5E-4DB0-A08E-009D686205E1} => pcalua.exe -a "C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSLOHOY2\SlowGold804Setup.exe" -d C:\Users\Dell\Desktop
Task: {B4878320-F7E1-4325-9940-6FCA254498BE} - System32\Tasks\{AE696145-622D-40D5-8045-3DF25F386B16} => pcalua.exe -a "C:\SWSetup\SP42970\Win smartflash\H653N_hb02.exe" -d "C:\SWSetup\SP42970\Win smartflash"
Task: {D86002D9-3789-4427-9894-321E9C89770E} - System32\Tasks\{B2FFB8CA-55E3-4DCC-A782-664A7442771A} => pcalua.exe -a C:\Users\Dell\Downloads\SlowGoldSetup.exe -d C:\Users\Dell\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2009-08-25 16:00 - 2009-08-25 16:00 - 00057344 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2009-10-22 20:07 - 2009-10-22 20:07 - 00148816 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2015-07-25 01:21 - 2015-07-22 17:52 - 00106312 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-24 23:26 - 2014-11-04 02:38 - 00867080 _____ () C:\Program Files\CyberLink\PowerDVD14\common\UNO\UNO.dll
2015-07-24 23:25 - 2013-12-10 00:39 - 00074240 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00285184 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00040960 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00721920 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2015-07-25 00:59 - 2015-07-23 21:22 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2011-12-19 09:11 - 2011-12-19 09:11 - 02899968 _____ () C:\Program Files\VOX\JamVOX\JVExec.exe
2011-12-15 04:22 - 2011-12-15 04:22 - 00018432 _____ () C:\Program Files\VOX\JamVOX\jamvoxdevice.dll
2015-07-24 18:44 - 2015-05-14 00:03 - 00007680 _____ () C:\Windows\wnavga.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WebrootSpySweeperService => 2
MSCONFIG\Services: WRConsumerService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BE567EA-2410-4BC1-B2E9-86F4EFA0B317}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{AB8AD4BF-9D76-4C54-8F3A-288121579E0F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{C3B31D00-9723-478F-BBE0-5CCB328DD478}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{C2392448-8C62-4816-9591-EE581ED7F28F}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{6ED2FA06-1544-4237-BC46-9F58AAB18BC8}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0D54F720-E2FF-4F1F-A0AC-724E048F0624}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F99E5F49-4E56-48FC-AC1B-86D8B57425CB}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [UDP Query User{70393654-EB65-486D-8E40-789516DC9528}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [TCP Query User{A14256DD-3C45-469C-A999-0C6AD3917171}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [UDP Query User{A573EF0F-0183-4ED8-85EC-BD18E0B87C8F}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [{C1698713-4799-4F02-BE13-A926DF898178}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A69B1F3-D1F9-44C9-A4A2-FCCEA3F03D06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CC8ABFD-BD9D-4462-91ED-D25D23781E94}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EC22E18-CC5A-4445-9EAC-0411DF44DE69}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1036F8C4-AA51-41E8-9069-0DC49E58520F}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{13709C97-F6E6-4B48-A65C-F5B46D2D9E1A}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{0CF80FCC-5EE3-4EEE-AB85-FC54229DAA71}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F2AD2B14-4A68-43F5-ADE9-5C4A51CD1BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9142BA78-A567-40A2-85B6-8E726D317200}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2CBEEADF-BF71-4F84-91BA-C80461AC5477}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F70C1E39-25F9-4839-900C-36F67CDE6D94}] => (Allow) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{9A85AD93-742A-40E0-9604-2A2B18619C0D}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{13929BD5-1E50-42B7-9B6B-56BCC2796753}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{5565DC75-9BE3-4FCD-BF68-854DAFC2260E}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{F8C2D9CA-0310-41E7-87F6-69DFED46E519}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A69E9117-981E-4F0D-8416-20AF02C1AB91}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A8505EBF-8A9B-42B2-A609-2A83C3B2C5AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ABA29D6B-CCD7-4176-9A72-A8C13F75FBF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA705B42-BDA5-41D3-81EA-67FFF71B2567}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D7332724-38FE-4C48-B06C-2B58607D4528}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6622C8D5-646C-489E-94D4-A73EB0FDCEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2015 11:31:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
Exception code: 0x80000003
Fault offset: 0x0000e250
Faulting process id: 0x174
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/04/2015 03:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17457, time stamp: 0x55b3b641
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69d9f
Exception code: 0xc0000264
Fault offset: 0x000a1bba
Faulting process id: 0x1284
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/04/2015 03:20:07 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (09/04/2015 03:19:35 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/04/2015 03:19:35 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/04/2015 03:19:35 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/03/2015 01:26:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (09/03/2015 01:26:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/03/2015 01:26:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/03/2015 01:26:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (09/06/2015 12:20:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/05/2015 09:37:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/05/2015 09:37:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/05/2015 09:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/05/2015 09:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/04/2015 03:41:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/04/2015 03:19:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/03/2015 09:33:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/03/2015 01:43:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/03/2015 01:26:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126


Microsoft Office:
=========================

CodeIntegrity:
===================================
  Date: 2015-07-24 18:47:07.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:47:06.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:39.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:37.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:20.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-24 18:45:20.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 34%
Total physical RAM: 3454.14 MB
Available physical RAM: 2265.97 MB
Total Virtual: 6906.59 MB
Available Virtual: 4585.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.98 GB) (Free:107.05 GB) NTFS
Drive d: () (Fixed) (Total:232.78 GB) (Free:189.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (LEXAR MEDIA) (Removable) (Total:1.94 GB) (Free:0.7 GB) FAT
Drive f: (Segate 1.5 Tb) (Fixed) (Total:1397.26 GB) (Free:1052.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 84315601)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 644A5262)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=04)

==================== End of Addition.txt ============================



#10 Machiavelli

Posted 06 September 2015 - 03:00 PM

Hey, :)

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    Hosts:
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Edited by Machiavelli, 06 September 2015 - 03:00 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 stealth1

Posted 06 September 2015 - 03:24 PM

This is NOT a 64 bit system! Shall I run the fixlist.txt using FRST.exe instead of FRST64.exe?


Edited by stealth1, 06 September 2015 - 03:25 PM.


#12 Machiavelli

Posted 06 September 2015 - 03:28 PM

Yes.




#13 stealth1

Posted 06 September 2015 - 03:59 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Dell (2015-09-06 13:35:27) Run:1
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
Hosts:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
EmptyTemp: => 473.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:38:51 ====

#14 stealth1

Posted 06 September 2015 - 04:06 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-09-2015 01
Ran by Dell (administrator) on DELL-PC (06-09-2015 14:00:36)
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Copyright © Microsoft 2015) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\wnavga.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(DivX, LLC) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\VOX\JamVOX\JVExec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Dell\AppData\Roaming\JV Update\SecureWebUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-10-22] (McAfee, Inc.)
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-08-27] (SlySoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JVExec.lnk [2015-07-27]
ShortcutTarget: JVExec.lnk -> C:\Program Files\VOX\JamVOX\JVExec.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A26F39FA-D455-4966-A2BA-1558291DCF02}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{B1CF5972-030E-4B7F-99F5-47D6EE5C87EC}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{B2B1B70D-1DF5-4E87-B5EE-A0C93B612032}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-10-22] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-3100691908-1277675892-733824803-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\z7e0d800.default-1440088808982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)

Chrome:
=======
StartMenuInternet: Google Chrome.PBDEKFRTSKZSQ5DH3MXB75RVIM - C:\Users\Dell\AppData\Local\Google\Chrome\Application\46.1.2479.0\chromer.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921232 2015-07-23] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-08-28] (SurfRight B.V.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [21256 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [146448 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [66896 2009-10-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [70728 2009-10-22] (McAfee, Inc.)
R2 msdotnetserv_v2050729; C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305040 2015-07-23] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinGraph; C:\Windows\wnavga.exe [7680 2015-05-14] () [File not signed]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [12728 2011-06-15] () [File not signed]
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [206504 2013-07-02] (Fresco Logic)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [61608 2013-07-02] (Fresco Logic)
S3 JamVOXUSBAudioSrv; C:\Windows\System32\drivers\jamvox.sys [105416 2011-12-14] (CEntrance, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91672 2009-10-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343664 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [65448 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [63728 2009-10-22] (McAfee, Inc.)
S3 MUD; C:\Windows\System32\DRIVERS\MUD.sys [51200 2008-02-06] (Magellan)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42344 2015-07-02] (NVIDIA Corporation)
S3 RDID1003; C:\Windows\System32\Drivers\rdwm1003.sys [66530 2005-06-03] (Roland Corporation) [File not signed]
R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [45072 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [24496 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [182056 2010-06-17] (Webroot Software, Inc. (www.webroot.com))
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-11-04] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dell\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 13:32 - 2015-09-06 13:31 - 02870984 _____ (ESET) C:\Users\Dell\Desktop\esetsmartinstaller_enu.exe
2015-09-06 13:31 - 2015-09-06 13:31 - 02870984 _____ (ESET) C:\Users\Dell\Downloads\esetsmartinstaller_enu.exe
2015-09-06 12:26 - 2015-09-06 12:26 - 00000017 _____ C:\Users\Dell\AppData\Local\resmon.resmoncfg
2015-09-06 11:42 - 2015-09-06 11:42 - 00000000 ____D C:\Users\Dell\Desktop\FRST-OlderVersion
2015-09-04 03:01 - 2015-08-13 04:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-04 03:01 - 2015-08-13 03:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-03 13:19 - 2009-10-22 20:07 - 00343664 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00091672 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00075704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00070728 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-09-03 13:19 - 2009-10-22 20:07 - 00065448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00063728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfetdik.sys
2015-09-03 13:19 - 2009-10-22 20:07 - 00043288 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-09-03 13:18 - 2015-09-03 13:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-03 12:54 - 2015-09-03 12:59 - 00000000 ____D C:\AdwCleaner
2015-09-03 12:23 - 2015-09-03 12:23 - 00000860 _____ C:\Users\Dell\Desktop\JRT.txt
2015-09-03 12:03 - 2015-09-03 10:34 - 01654272 _____ C:\Users\Dell\Desktop\AdwCleaner.exe
2015-09-03 12:03 - 2015-09-03 10:32 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Dell\Desktop\JRT.exe
2015-09-03 01:57 - 2015-09-06 11:47 - 00031114 _____ C:\Users\Dell\Desktop\Addition.txt
2015-09-03 01:54 - 2015-09-06 14:01 - 00015995 _____ C:\Users\Dell\Desktop\FRST.txt
2015-09-03 01:54 - 2015-09-06 14:00 - 00000000 ____D C:\FRST
2015-09-03 01:53 - 2015-09-06 11:42 - 01692160 _____ (Farbar) C:\Users\Dell\Desktop\FRST.exe
2015-09-03 00:57 - 2015-07-25 13:25 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-03 00:57 - 2015-07-25 13:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-03 00:57 - 2015-07-25 13:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-03 00:57 - 2015-07-25 13:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-03 00:57 - 2015-07-25 13:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-03 00:57 - 2015-07-25 11:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-03 00:57 - 2015-07-25 10:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-09-02 23:47 - 2015-09-02 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-09-02 23:47 - 2015-09-02 23:47 - 00000000 ____D C:\Program Files\Cobian Backup 11
2015-09-02 13:01 - 2009-03-02 16:20 - 00049904 ____R (Avanquest Software) C:\Windows\system32\Drivers\BVRPMPR5.SYS
2015-09-02 13:00 - 2015-09-02 13:00 - 00000000 ____D C:\Netgear
2015-09-02 04:39 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-02 02:23 - 2015-09-02 02:23 - 00074708 _____ C:\Users\Dell\Desktop\HitmanPro_20150902_0223.log
2015-09-02 00:43 - 2015-09-02 00:43 - 00074964 _____ C:\Users\Dell\Desktop\HitmanPro_20150902_0043.log
2015-09-01 22:23 - 2015-09-01 22:35 - 00000043 _____ C:\Users\Dell\Desktop\first redirection url.txt
2015-09-01 22:02 - 2015-09-01 22:02 - 00000106 _____ C:\Users\Dell\Desktop\Bogus Flash Player Uptade URL.txt
2015-08-28 16:02 - 2015-09-03 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-28 14:51 - 2015-08-28 14:51 - 00000000 ____D C:\Users\Dell\AppData\Local\Deployment
2015-08-28 14:51 - 2015-08-28 14:51 - 00000000 ____D C:\Users\Dell\AppData\Local\Apps\2.0
2015-08-27 21:32 - 2015-09-02 04:02 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-27 21:32 - 2015-08-27 21:32 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Sun
2015-08-27 21:32 - 2015-08-27 21:32 - 00000000 ____D C:\Users\Dell\.oracle_jre_usage
2015-08-22 00:17 - 2009-10-22 20:07 - 00070728 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.5308.deleteme
2015-08-21 23:07 - 2015-08-21 23:09 - 00002446 _____ C:\DelFix.txt
2015-08-21 23:02 - 2015-08-21 23:02 - 00781312 _____ C:\Users\Dell\Downloads\delfix_1.010.exe
2015-08-21 13:51 - 2015-08-21 13:51 - 00000877 _____ C:\Users\Dell\Desktop\Install Windows Internet Explorer.lnk
2015-08-20 15:58 - 2015-08-20 15:58 - 17269640 _____ C:\Windows\registry.zzz
2015-08-20 15:58 - 2015-08-20 15:58 - 17269640 _____ C:\Windows\registry.daz
2015-08-20 15:15 - 2015-08-20 15:15 - 00000000 ____D C:\Windows\WinRescue
2015-08-20 14:47 - 2015-08-20 15:53 - 00000046 _____ C:\rsq7dir.ini
2015-08-20 14:46 - 2015-09-02 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRescue 7
2015-08-20 14:46 - 2015-08-20 14:54 - 00000000 ____D C:\Program Files\WinRescue 7
2015-08-20 14:46 - 2015-08-20 14:46 - 00000974 _____ C:\Users\Dell\Desktop\WinRescue 7.lnk
2015-08-20 14:44 - 2015-08-20 14:44 - 00946866 _____ (Super Win Software, Inc. ) C:\Users\Dell\Downloads\wnrsq7z.exe
2015-08-20 09:40 - 2015-08-20 09:40 - 00000000 ____D C:\Users\Dell\Desktop\Old Firefox Data
2015-08-19 23:41 - 2015-08-19 23:41 - 00000000 ____D C:\Users\Dell\Downloads\mbam-chameleon-3.1.25.0
2015-08-19 23:38 - 2015-08-19 23:38 - 06383209 _____ C:\Users\Dell\Downloads\mbam-chameleon-3.1.25.0.zip
2015-08-19 15:08 - 2015-08-19 15:08 - 00477498 _____ C:\Users\Dell\Desktop\HitmanPro_20150819_1508.log
2015-08-19 15:06 - 2015-09-02 12:15 - 00000182 _____ C:\Windows\system32\.crusader
2015-08-19 14:46 - 2015-08-19 14:46 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-19 14:46 - 2015-08-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-19 14:45 - 2015-09-02 04:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-19 14:44 - 2015-08-19 15:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-19 14:44 - 2015-08-19 14:44 - 10113976 _____ (SurfRight B.V.) C:\Users\Dell\Downloads\HitmanPro.exe
2015-08-15 02:44 - 2015-08-15 02:44 - 00000000 ____D C:\Users\Dell\Documents\My Kindle Content
2015-08-15 02:43 - 2015-08-15 02:43 - 00001940 _____ C:\Users\Dell\Desktop\Kindle.lnk
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Users\Dell\AppData\Local\Amazon
2015-08-15 02:43 - 2015-08-15 02:43 - 00000000 ____D C:\Program Files\Amazon
2015-08-12 03:59 - 2015-08-12 03:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-12 03:39 - 2015-08-12 03:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:03 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 17:41 - 2015-07-28 13:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 17:41 - 2015-07-28 13:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 17:41 - 2015-07-28 13:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 17:41 - 2015-07-28 12:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 17:41 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 17:41 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 17:41 - 2015-07-20 10:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 17:41 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 17:41 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 17:41 - 2015-07-15 10:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 17:41 - 2015-07-15 10:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 17:41 - 2015-07-15 10:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 17:41 - 2015-07-15 10:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 17:41 - 2015-07-15 10:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 17:41 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 17:41 - 2015-07-15 10:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 17:41 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 17:41 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 17:41 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 17:41 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 17:41 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 17:41 - 2015-07-15 09:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 17:41 - 2015-07-15 09:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 17:41 - 2015-07-15 09:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 17:41 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 17:41 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 17:41 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 17:41 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 17:40 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 17:40 - 2015-07-30 09:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 17:40 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 17:40 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 17:40 - 2015-07-16 08:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 17:40 - 2015-07-14 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 17:40 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 17:40 - 2015-05-09 11:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 17:39 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 17:39 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 17:39 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 17:39 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 13:58 - 2009-07-13 21:34 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 13:58 - 2009-07-13 21:34 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 13:50 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2015-09-06 13:49 - 2015-03-18 17:13 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-06 13:49 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 13:49 - 2009-07-13 21:39 - 00094858 _____ C:\Windows\setupact.log
2015-09-06 13:48 - 2009-11-10 12:09 - 01410442 _____ C:\Windows\WindowsUpdate.log
2015-09-06 13:30 - 2015-07-30 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-06 12:59 - 2009-11-10 12:20 - 00786514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-04 12:15 - 2009-11-10 12:05 - 00000000 ____D C:\Windows\Panther
2015-09-03 17:20 - 2009-11-10 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-03 13:18 - 2015-07-24 11:45 - 00000000 ____D C:\Program Files\McAfee
2015-09-03 13:18 - 2010-04-17 19:49 - 00000000 ____D C:\ProgramData\McAfee
2015-09-03 12:19 - 2009-11-10 12:17 - 00000000 ____D C:\Users\Dell
2015-09-03 10:25 - 2014-07-20 14:50 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-09-03 10:07 - 2010-04-19 15:15 - 00001059 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2015-09-02 13:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-02 05:22 - 2015-07-10 04:17 - 00000000 ___HD C:\$Windows.~BT
2015-09-02 04:04 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-02 04:03 - 2015-04-05 11:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-02 04:03 - 2015-03-18 15:20 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-09-02 04:03 - 2009-11-10 12:17 - 00000000 ___RD C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-02 04:03 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-02 04:02 - 2015-07-25 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-02 04:02 - 2015-07-24 19:06 - 00000000 ____D C:\ProgramData\MSNetCore
2015-09-02 04:02 - 2013-08-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessGenius Classic
2015-09-02 04:02 - 2010-04-19 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-09-02 04:02 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\registration
2015-09-02 04:01 - 2015-07-11 23:34 - 00000000 ____D C:\Users\Dell\AppData\Local\Mozilla
2015-09-02 04:00 - 2013-10-29 11:23 - 00000000 ____D C:\ProgramData\Oracle
2015-09-02 04:00 - 2010-04-19 15:17 - 00000000 ____D C:\ProgramData\SlySoft
2015-09-02 03:59 - 2015-07-25 00:39 - 00000000 ____D C:\Program Files\Java
2015-09-02 00:45 - 2015-03-14 01:43 - 00000000 ____D C:\Users\Dell\Desktop\Firefox Bookmarks
2015-08-27 22:39 - 2009-11-10 13:33 - 00348420 _____ C:\Windows\PFRO.log
2015-08-27 21:31 - 2015-07-25 00:41 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-08-25 22:24 - 2010-04-30 17:07 - 00000000 ____D C:\Users\Dell\AppData\Local\Google
2015-08-22 17:22 - 2010-09-10 21:57 - 00000000 ____D C:\QUARANTINE
2015-08-22 11:25 - 2011-12-19 23:22 - 00000000 ____D C:\Users\Dell\AppData\Roaming\VOX
2015-08-21 17:15 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2015-08-21 17:05 - 2011-05-04 19:49 - 00000000 ____D C:\ProgramData\TEMP
2015-08-21 08:50 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-08-19 23:42 - 2014-07-20 14:48 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-19 15:06 - 2015-07-24 18:47 - 00000000 ___HD C:\ProgramData\wcd
2015-08-17 01:11 - 2009-11-10 13:11 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-12 04:14 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 04:02 - 2009-07-13 21:33 - 00405992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:59 - 2014-12-13 12:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:59 - 2014-05-04 11:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:41 - 2014-10-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:29 - 2013-08-18 11:51 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:15 - 2010-04-17 15:38 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 12:22 - 2013-09-15 13:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 12:22 - 2013-09-15 13:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-09-06 12:26 - 2015-09-06 12:26 - 0000017 _____ () C:\Users\Dell\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 16:55

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Dell (2015-09-06 14:02:43)
Running from C:\Users\Dell\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-11-10 19:17:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3100691908-1277675892-733824803-500 - Administrator - Disabled)
Dell (S-1-5-21-3100691908-1277675892-733824803-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-3100691908-1277675892-733824803-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3100691908-1277675892-733824803-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Amazon Kindle) (Version: - Amazon)
Anvil Studio 2012 (HKLM\...\{66680918-A08D-486B-B33D-08E90E07E297}) (Version: 12.05.10 - Willow Software)
Anvil Studio 2015 (HKLM\...\{14176C29-2E11-40B7-A28E-E205C90CCEDD}) (Version: 15.03.01 - Willow Software)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version: - )
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B25A87F2-EA64-4C60-9989-6442FFFAD5E2}) (Version: 3.5.100.0 - Fresco Logic Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
JamVOX (HKLM\...\{B00C01D2-2A74-4FB8-AD86-111C77F3CF7E}) (Version: 2.01.1 - Korg Inc.)
JamVOX USB Driver (HKLM\...\JamVOX USB Driver) (Version: 2.00 - VOX)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{AA951B10-7089-4D60-B288-516E641F48E6}) (Version: 4.0.0.1496 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Firefox 40.0.3 (x86 en-US) (HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MysticForest (HKLM\...\{2AAFE1D7-9066-4183-B267-0398A3533E88}) (Version: 1.00.0000 - Phantom EFX)
Nero 8 Essentials (HKLM\...\{470C8EFE-AEB0-402E-B05A-91E08C201033}) (Version: 8.3.416 - Nero AG)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
SlowGold 8 (remove only) (HKLM\...\SlowGold 8) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
WinRescue 7 (HKLM\...\WinRescue 7_is1) (Version: - Super Win Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-08-2015 16:01:36 Installed McAfee VirusScan Enterprise
28-08-2015 16:17:58 Restore Operation
28-08-2015 16:38:58 Installed McAfee VirusScan Enterprise
28-08-2015 17:17:52 Windows Update
02-09-2015 00:55:36 Removed Java 8 Update 60
02-09-2015 02:41:03 Restore Operation
02-09-2015 04:41:44 Windows Modules Installer
02-09-2015 12:14:34 Checkpoint by HitmanPro
03-09-2015 03:00:43 Windows Update
03-09-2015 12:13:35 Removed McAfee VirusScan Enterprise
03-09-2015 12:18:22 JRT Pre-Junkware Removal
03-09-2015 13:18:15 Installed McAfee VirusScan Enterprise
04-09-2015 03:00:47 Windows Update
06-09-2015 13:35:43 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-09-06 13:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041F6B70-2B33-4DCD-B155-65025B31178B} - System32\Tasks\{276B7AD0-5B21-411F-B142-5702584A97E2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {13996D2D-D8E6-490C-8529-F926ED4C2371} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {3171154D-1F90-41B9-ADA5-83E64AF442AE} - System32\Tasks\{D963EF0B-ADF5-4BF3-A652-5B100FB0BD26} => pcalua.exe -a Z:\Driver\7_VISTA\275.33-desktop-win7-winvista-32bit-international-whql.exe -d Z:\Driver\7_VISTA
Task: {3E7036FC-2512-4D85-BDFE-5C706832C5E1} - System32\Tasks\Opera scheduled Autoupdate 1437788717 => C:\Program Files\Opera\launcher.exe
Task: {49AF37E2-8F97-49B8-9F75-19427D66BF89} - System32\Tasks\{7A98948C-E327-4AF0-9EE4-204F4F65A7CD} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {50C3C20C-E8BD-4624-806F-8DAE6135F817} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {5831F863-8549-4ABE-9809-87262B7840D5} - System32\Tasks\{53FB7BC8-9D76-456C-B065-D5D577487EC2} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {6702454A-3271-4208-8189-A06E6B8C42A0} - System32\Tasks\{52EB4529-17E8-4EEF-AA6E-5ED4414939A3} => pcalua.exe -a "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08\Adobe Reader 8.1.1.exe" -d "C:\Users\Dell\Desktop\Backup of USB Drive\Work Stuff\Desktop 1-17-08"
Task: {7B6483AD-F060-4107-92F4-5B76AA648008} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Dell\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {86A1B481-F269-40C7-8192-8C1EA2DF5D98} - System32\Tasks\{64B9FEDE-FCCD-4CCF-A57C-75BCB6170DEE} => C:\Program Files\SlowGold 8\SlowGold8.exe [2015-07-28] ()
Task: {9BE562B6-9B09-41DB-81D2-3E5F07D77DD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9C8B0654-63BC-41B8-98E0-3172CABDCD51} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {A3B60325-9595-4583-9805-0B1E6C2D52D9} - System32\Tasks\{277FF890-3C4C-4344-97FC-16E2E05591EC} => pcalua.exe -a E:\QTW212\QTW95.EXE -d E:\QTW212
Task: {A9A4B8B7-5D8A-4216-8F1F-B651348ABE5B} - System32\Tasks\{B1EA5603-7F5E-4DB0-A08E-009D686205E1} => pcalua.exe -a "C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSLOHOY2\SlowGold804Setup.exe" -d C:\Users\Dell\Desktop
Task: {B4878320-F7E1-4325-9940-6FCA254498BE} - System32\Tasks\{AE696145-622D-40D5-8045-3DF25F386B16} => pcalua.exe -a "C:\SWSetup\SP42970\Win smartflash\H653N_hb02.exe" -d "C:\SWSetup\SP42970\Win smartflash"
Task: {D86002D9-3789-4427-9894-321E9C89770E} - System32\Tasks\{B2FFB8CA-55E3-4DCC-A782-664A7442771A} => pcalua.exe -a C:\Users\Dell\Downloads\SlowGoldSetup.exe -d C:\Users\Dell\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-25 01:21 - 2015-07-22 17:52 - 00106312 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2009-08-25 16:00 - 2009-08-25 16:00 - 00057344 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2015-07-24 18:44 - 2015-05-14 00:03 - 00007680 _____ () C:\Windows\wnavga.exe
2009-10-22 20:07 - 2009-10-22 20:07 - 00148816 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2015-07-24 23:26 - 2014-11-04 02:38 - 00867080 _____ () C:\Program Files\CyberLink\PowerDVD14\common\UNO\UNO.dll
2015-07-24 23:25 - 2013-12-10 00:39 - 00074240 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00285184 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00040960 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2015-07-24 23:25 - 2013-12-10 00:39 - 00721920 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2015-07-25 00:59 - 2015-07-23 21:22 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2011-12-19 09:11 - 2011-12-19 09:11 - 02899968 _____ () C:\Program Files\VOX\JamVOX\JVExec.exe
2011-12-15 04:22 - 2011-12-15 04:22 - 00018432 _____ () C:\Program Files\VOX\JamVOX\jamvoxdevice.dll
2015-07-24 12:00 - 2015-07-24 12:00 - 00312832 _____ () C:\Users\Dell\AppData\Roaming\JV Update\SecureWebUpdate.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3100691908-1277675892-733824803-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3100691908-1277675892-733824803-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WebrootSpySweeperService => 2
MSCONFIG\Services: WRConsumerService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BE567EA-2410-4BC1-B2E9-86F4EFA0B317}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{AB8AD4BF-9D76-4C54-8F3A-288121579E0F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{C3B31D00-9723-478F-BBE0-5CCB328DD478}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{C2392448-8C62-4816-9591-EE581ED7F28F}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{6ED2FA06-1544-4237-BC46-9F58AAB18BC8}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0D54F720-E2FF-4F1F-A0AC-724E048F0624}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F99E5F49-4E56-48FC-AC1B-86D8B57425CB}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [UDP Query User{70393654-EB65-486D-8E40-789516DC9528}C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\bin\prelauncher.exe
FirewallRules: [TCP Query User{A14256DD-3C45-469C-A999-0C6AD3917171}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [UDP Query User{A573EF0F-0183-4ED8-85EC-BD18E0B87C8F}C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe] => (Block) C:\users\public\phantom efx\onlinecasino\launcher\olclauncher.exe
FirewallRules: [{C1698713-4799-4F02-BE13-A926DF898178}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A69B1F3-D1F9-44C9-A4A2-FCCEA3F03D06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CC8ABFD-BD9D-4462-91ED-D25D23781E94}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EC22E18-CC5A-4445-9EAC-0411DF44DE69}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1036F8C4-AA51-41E8-9069-0DC49E58520F}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{13709C97-F6E6-4B48-A65C-F5B46D2D9E1A}] => (Allow) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{0CF80FCC-5EE3-4EEE-AB85-FC54229DAA71}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F2AD2B14-4A68-43F5-ADE9-5C4A51CD1BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9142BA78-A567-40A2-85B6-8E726D317200}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2CBEEADF-BF71-4F84-91BA-C80461AC5477}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F70C1E39-25F9-4839-900C-36F67CDE6D94}] => (Allow) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{9A85AD93-742A-40E0-9604-2A2B18619C0D}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{13929BD5-1E50-42B7-9B6B-56BCC2796753}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{5565DC75-9BE3-4FCD-BF68-854DAFC2260E}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{F8C2D9CA-0310-41E7-87F6-69DFED46E519}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A69E9117-981E-4F0D-8416-20AF02C1AB91}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A8505EBF-8A9B-42B2-A609-2A83C3B2C5AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ABA29D6B-CCD7-4176-9A72-A8C13F75FBF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA705B42-BDA5-41D3-81EA-67FFF71B2567}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D7332724-38FE-4C48-B06C-2B58607D4528}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6622C8D5-646C-489E-94D4-A73EB0FDCEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2015 01:49:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (09/06/2015 01:49:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/06/2015 01:49:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/06/2015 01:49:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/06/2015 01:35:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1e6723a9-0240-4675-bd45-a7d64693a7f2}

Error: (09/06/2015 01:13:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (09/06/2015 01:13:40 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/06/2015 01:13:40 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/06/2015 01:13:40 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/06/2015 12:54:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error


System errors:
=============
Error: (09/06/2015 01:49:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/06/2015 01:14:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/06/2015 12:55:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (09/06/2015 12:20:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/05/2015 09:37:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/05/2015 09:37:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/05/2015 09:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/05/2015 09:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/04/2015 03:41:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/04/2015 03:19:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-07-24 18:47:07.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:47:06.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:39.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:37.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:20.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-24 18:45:20.538
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 34%
Total physical RAM: 3454.14 MB
Available physical RAM: 2277 MB
Total Virtual: 6906.59 MB
Available Virtual: 5607.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.98 GB) (Free:109.14 GB) NTFS
Drive d: () (Fixed) (Total:232.78 GB) (Free:189.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Segate 1.5 Tb) (Fixed) (Total:1397.26 GB) (Free:1052.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 84315601)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 644A5262)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#15 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:40 PM

Posted 06 September 2015 - 04:37 PM

I'm waiting for the ESET results.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
