
Seems like my computer got infected.


  • This topic is locked
20 replies to this topic

#1 digioleg


Posted 27 November 2016 - 06:53 PM

The computer is working slow and sometimes cannot connect to some web sites.

Below is my hijack log file.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:47:18 PM, on 11/27/2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 8934 bytes





#2 digioleg


Posted 29 November 2016 - 09:55 AM

Hello,
Can somebody check and answer my problem?

Thanks
 
Mod Edit:  Merged posts - Hamluis.
Hello,
On page three, under my nick, I put my question and hijack file. Could you please see it?

Thanks

Edited by hamluis, 29 November 2016 - 11:24 AM.


#3 digioleg


Posted 29 November 2016 - 11:40 AM

No sir. There is no such nick

#4 digioleg


Posted 30 November 2016 - 11:25 AM

Hello,
One more time, can somebody help me with my problem on my computer?

Thanks

#5 Bezukhov


Posted 01 December 2016 - 05:20 PM

I'll give it a shot. Some ground rules as I go through this:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. One thing to keep in mind, I'm still a student, so that might slow my responses a bit. The upside to that is you have two people looking at your problem.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
Unfortunately, HijackThis isn't used much these days. The scan needed is:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Also, so I know what sort of hardware you have, the following as well:

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File > Save, and name the file Summary
  • Zip and attach the file to your reply
So copy and paste the FRST logs, and attach the Summary.

Edited by Bezukhov, 01 December 2016 - 05:23 PM.

To err is Human. To blame it on someone else is even more Human.

#6 digioleg


Posted 02 December 2016 - 06:45 PM

Hello. I created a summary file but I don't see how to attach it. Please let me know what to do. You can ask me questions about hardware; I will find the answer. At the moment I can say that I have a 32-bit Dell, Windows Vista.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2016
Ran by nadia (administrator) on NADIA-PC (02-12-2016 18:04:37)
Running from C:\Users\nadia\Downloads
Loaded Profiles: nadia (Available Profiles: nadia)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell) C:\Program Files\WSED\WSED.exe
(Compal Electronics, Inc) C:\Program Files\CapsLKNotify\CapsLKNotify.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Users\nadia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nadia\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\nadia\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7617056 2009-07-14] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [BTMeter] => C:\Program Files\Battery Meter\BTMeter.exe [632176 2009-09-16] (Dell)
HKLM\...\Run: [WSED] => C:\Program Files\WSED\WSED.exe [247080 2009-05-27] (Dell)
HKLM\...\Run: [CapsLKNotify] => C:\Program Files\CapsLKNotify\CapsLKNotify.exe [320880 2009-06-09] (Compal Electronics, Inc)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2424192 2011-06-02] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\Run: [Google Update] => C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-08-08] (Google Inc.)
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-20] (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{C38E0C25-8DCB-4DAD-AB6D-A0CF55A6466C}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{D71B9ECE-91DA-4E02-B3B5-0BFB9A101797}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2980491285-854049032-3524082423-1000 -> DefaultScope {834D5D71-E74E-4AEB-AF4A-C26A26F4F232} URL = hxxp://www.google.com/#hl=en&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=581c98b851fa30a2
SearchScopes: HKU\S-1-5-21-2980491285-854049032-3524082423-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-2980491285-854049032-3524082423-1000 -> {834D5D71-E74E-4AEB-AF4A-C26A26F4F232} URL = hxxp://www.google.com/#hl=en&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=581c98b851fa30a2
SearchScopes: HKU\S-1-5-21-2980491285-854049032-3524082423-1000 -> {B730E2FB-931E-C117-652C-C429D0471E60} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2010-05-03] ()
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2980491285-854049032-3524082423-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-27] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-22] [not signed]
FF HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\Firefox\Extensions: [{E3FF42F2-3345-4CA4-AE37-26865A01180D}] - C:\Users\nadia\AppData\Local\{E3FF42F2-3345-4CA4-AE37-26865A01180D} => not found
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-08-20] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [2010-05-17] (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
StartMenuInternet: Google Chrome - C:\Users\nadia\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [250616 2009-06-05] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-06-03] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [17192 2007-10-25] (Windows ® Codename Longhorn DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [50176 2009-06-28] (Atheros Communications, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2010-07-15] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 18:08 - 2016-12-02 18:08 - 00000819 _____ C:\Users\nadia\Desktop\FRST - Shortcut.lnk
2016-12-02 18:05 - 2016-12-02 18:05 - 01761280 _____ (Farbar) C:\Users\nadia\Downloads\FRST (1).exe
2016-12-02 18:05 - 2016-12-02 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-02 18:04 - 2016-12-02 18:08 - 00018092 _____ C:\Users\nadia\Downloads\FRST.txt
2016-12-02 18:04 - 2016-12-02 18:04 - 00000000 ____D C:\FRST
2016-12-02 18:03 - 2016-12-02 18:03 - 01761280 _____ (Farbar) C:\Users\nadia\Downloads\FRST.exe
2016-11-27 18:38 - 2016-11-27 18:38 - 00001659 _____ C:\Users\nadia\Desktop\Command Prompt.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 18:03 - 2006-11-02 07:45 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-02 18:03 - 2006-11-02 07:45 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-02 18:03 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-12-02 18:03 - 2006-11-02 05:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-02 17:57 - 2012-08-09 12:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-02 17:57 - 2010-04-01 21:15 - 00029089 _____ C:\Windows\system32\Config.MPF
2016-12-02 17:57 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-27 18:56 - 2006-11-02 07:58 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-27 18:44 - 2011-02-05 12:05 - 00002523 _____ C:\Users\nadia\Desktop\HiJackThis.lnk
2016-11-27 18:34 - 2011-01-16 19:17 - 00000000 ____D C:\Program Files\Active PC Optimizer
2016-11-27 18:32 - 2014-09-20 15:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfd50ec7bb3150.job
2016-11-27 18:31 - 2012-08-09 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-27 18:26 - 2010-09-04 12:16 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2980491285-854049032-3524082423-1000UA.job
2016-11-27 18:22 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-11-27 18:21 - 2012-10-31 11:42 - 00000000 ____D C:\Users\nadia\AppData\Roaming\Juniper Networks
2016-11-27 18:09 - 2011-11-13 16:52 - 00000000 ____D C:\Windows\Minidump
2016-11-27 18:07 - 2010-03-22 17:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2010-04-13 16:55 - 2011-08-07 11:56 - 0000114 _____ () C:\Users\nadia\AppData\Roaming\wklnhst.dat
2012-05-21 16:30 - 2012-05-21 16:30 - 0000680 _____ () C:\Users\nadia\AppData\Local\d3d9caps.dat
2011-12-31 22:44 - 2013-05-15 23:29 - 0005632 _____ () C:\Users\nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Users\nadia\AppData\Local\temp\SSUPDATE.EXE
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-12-02 18:02
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-12-2016
Ran by nadia (02-12-2016 18:09:11)
Running from C:\Users\nadia\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2010-03-22 16:32:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2980491285-854049032-3524082423-500 - Administrator - Disabled)
Guest (S-1-5-21-2980491285-854049032-3524082423-501 - Limited - Disabled)
nadia (S-1-5-21-2980491285-854049032-3524082423-1000 - Administrator - Enabled) => C:\Users\nadia
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Battery Meter (HKLM\...\InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}) (Version: 0.0.1.4C - )
Battery Meter (Version: 0.0.1.4C - ) Hidden
CapsLKNotify (HKLM\...\InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}) (Version: 0.1.0.5 - Dell)
CapsLKNotify (Version: 0.1.0.5 - Dell) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
EMSC (Version: 0.0.0.20C - Compal Electronics, Inc.) Hidden
Function Keys (Version: 0.1.0.5 - Dell) Hidden
Google Chrome (HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{5DDB3393-E08B-447E-925F-6C00B95D0FE7}) (Version: 2.1.1.3 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java™ 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.230 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}) (Version: 5.5.2.0 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
ODD Eject (HKLM\...\InstallShield_{808B53B5-9E5F-4F99-A6B9-BDDF323EF229}) (Version: 0.1.0.3 - )
ODD Eject (Version: 0.1.0.3 - ) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5894 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.4 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebEx (HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WildTangent Games (HKLM\...\WildTangent dell Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WSED (Version: 0.1.0.14 - ) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\nadia\AppData\Local\Google\Chrome\Application\32.0.1700.107\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2980491285-854049032-3524082423-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\nadia\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {8F39ADFE-186F-415F-A7DC-E9604A700592} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {AACDE148-3458-4BD8-9C7A-B069F05E2875} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {BF0C4702-626F-4F8F-AC22-D1B5F45B553F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2980491285-854049032-3524082423-1000UA => C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-08] (Google Inc.)
Task: {CEC6CD2F-0E19-417F-8A07-D93813C07F05} - System32\Tasks\GoogleUpdateTaskMachineUA1cfd50ec7bb3150 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {F2E7BE63-1990-4B61-A3FD-6EDF44266E82} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2980491285-854049032-3524082423-1000Core => C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-08] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfd50ec7bb3150.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2980491285-854049032-3524082423-1000Core.job => C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2980491285-854049032-3524082423-1000UA.job => C:\Users\nadia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{F17DD1E8-A819-4922-BB2C-DE4F2FAAAE7F}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-03-22 16:52 - 2008-12-21 13:34 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2010-03-22 16:52 - 2008-12-21 13:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2010-03-22 16:55 - 2009-02-04 15:30 - 00577536 _____ () C:\Windows\system32\EMSC.dll
2010-03-22 16:55 - 2009-02-04 15:30 - 00577536 _____ () C:\Windows\system32\EMSC.DLL
2010-10-03 09:31 - 2013-08-11 13:02 - 00063488 _____ () C:\Users\nadia\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-03 09:31 - 2010-10-03 09:31 - 00052224 _____ () C:\Users\nadia\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2011-01-16 18:27 - 2016-12-02 17:58 - 00052736 _____ () C:\Users\nadia\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
2014-02-04 23:46 - 2014-02-01 18:42 - 04055368 _____ () C:\Users\nadia\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 23:46 - 2014-02-01 18:42 - 00399688 _____ () C:\Users\nadia\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 23:46 - 2014-02-01 18:41 - 01634632 _____ () C:\Users\nadia\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-01-30 23:50 - 2014-01-30 23:50 - 04591616 _____ () C:\Users\nadia\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-30 23:50 - 2014-01-30 23:50 - 00112128 _____ () C:\Users\nadia\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:439E3411 [418]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2980491285-854049032-3524082423-1000\...\mcafee.com -> hxxps://mcafee.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2011-02-01 19:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2980491285-854049032-3524082423-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Dellwall1.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{7295D35C-2F64-4FE3-8F1B-9C0ADDFA9E61}] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9C8266AD-45FD-42CB-ACBF-6D1E9FFAF611}] => svchost.exe
FirewallRules: [{F4B24961-DD4A-4BBC-A454-31C78EFDA001}] => C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{FCC82816-304A-467C-9BA2-F87224F40159}] => C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{24F48FAF-2945-4964-893F-E978D0761D00}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{C7934FBD-ED64-4992-8C50-C314978B4CB0}] => C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B0486C12-08D5-485C-AD78-9F908ADEAF1E}] => LPort=2869
FirewallRules: [{03C78975-2EC6-485A-AE22-41214EFE358D}] => LPort=1900
FirewallRules: [{FDEA07C5-9E31-4AE5-86A6-DBA149FCF08D}] => C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{3E294B0E-712B-4AF5-9107-B15BCFBC373E}] => LPort=80
FirewallRules: [{99AF7F1A-25CC-4E1D-A7A8-4987D542E45D}] => LPort=80
FirewallRules: [{EFC36678-E5BE-4B11-8EE7-4933A5EAC634}] => LPort=80
FirewallRules: [{1671F5DE-BA6A-44E7-98B3-4DAE0006E29C}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{4DFE7F03-8012-4FCA-9FBC-EDCC18C68808}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{DD2AAAFE-751B-4E1E-BE4F-C4486D18E8A6}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{34E21D01-8571-4DD1-A528-8E6E1FBAD00C}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2DAC63ED-98EE-4643-AED2-5CE6F01CB211}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
 
==================== Restore Points =========================
 
03-09-2013 09:09:53 Windows Backup
09-09-2013 14:49:05 Windows Update
18-09-2013 08:56:53 Windows Update
27-09-2013 11:57:43 Windows Modules Installer
23-12-2013 15:55:48 Windows Backup
24-01-2014 14:19:44 Windows Update
27-01-2014 14:16:40 Windows Update
20-09-2014 14:46:22 Windows Backup
08-08-2016 10:30:17 Windows Update
08-08-2016 11:40:52 Windows Backup
08-08-2016 14:59:39 Windows Update
08-08-2016 15:06:13 Removed Facebook Video Calling 3.1.0.521
08-08-2016 15:07:40 Removed Facebook Video Calling 3.1.0.521
08-08-2016 15:08:52 Removed iTunes
08-08-2016 15:19:20 Removed Ask Toolbar
08-08-2016 15:20:24 Removed Facebook Video Calling 3.1.0.521
08-08-2016 15:21:08 Removed Apple Application Support
08-08-2016 15:23:13 Removed Apple Mobile Device Support
08-08-2016 15:24:34 Removed Bonjour
08-08-2016 15:25:32 Removed Apple Software Update
08-08-2016 15:41:45 Windows Update
08-08-2016 16:10:47 Windows Backup
27-11-2016 18:24:48 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
27-11-2016 18:26:16 Removed Google Drive
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2016 06:08:56 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).
 
Error: (11/27/2016 06:55:53 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.
 
Error: (11/27/2016 06:50:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\NADIA\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\HIJACKTHIS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/27/2016 06:50:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\NADIA\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\HIJACKTHIS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/08/2016 04:05:42 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.
 
Context:  Application, SystemIndex Catalog
 
Details:
The content index service was stopped.   (0x80041812)
 
Error: (08/08/2016 04:05:22 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: There is not enough space to save the backup files. Free up disk space or change your backup settings. (0x81000005).
 
Error: (08/08/2016 04:10:51 PM) (Source: MsiInstaller) (EventID: 1024) (User: nadia-PC)
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2754670)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/08/2016 04:10:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: nadia-PC)
Description: Product: Microsoft Works -- Error 1706.No valid source could be found for product Microsoft Works.  The Windows installer cannot continue.
 
Error: (08/08/2016 03:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e70
Start Time: 01d1f1b50b840b70
Termination Time: 0
 
Error: (08/08/2016 03:23:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: nadia-PC)
Description: Event-ID 10007
 
 
System errors:
=============
Error: (12/02/2016 06:02:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (11/27/2016 06:42:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:40:46 PM on 11/27/2016 was unexpected.
 
Error: (11/27/2016 06:34:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ActivePCOptimizer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/27/2016 06:14:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (11/27/2016 06:10:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (08/08/2016 04:22:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout.
 
Error: (08/08/2016 04:21:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Event-ID 20
 
Error: (08/08/2016 04:21:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Event-ID 20
 
Error: (08/08/2016 04:11:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Event-ID 20
 
Error: (08/08/2016 04:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU U4100 @ 1.30GHz
Percentage of memory in use: 89%
Total physical RAM: 1976.15 MB
Available physical RAM: 198.69 MB
Total Virtual: 4191.57 MB
Available Virtual: 1794.56 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:41.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:0.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: A3C95239)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=134.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
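The "System errors" entries in the Addition.txt log above all share one layout (an `Error:` header line followed by a `Description:` that may wrap), so recurring errors can be separated from one-off ones mechanically. The following Python parser is an added example, not part of the original post and not FRST's own code; the function names and the choice of which event IDs to group are assumptions made here, and the sample is four entries copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime
# Four entries copied from the "System errors" section of the log above.
SAMPLE = """\
Error: (12/02/2016 06:02:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (11/27/2016 06:42:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:40:46 PM on 11/27/2016 was unexpected.

Error: (11/27/2016 06:34:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ActivePCOptimizer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/27/2016 06:14:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
"""
HEADER = re.compile(r"^Error: \(([^)]*)\) \(Source: ([^)]*)\) \(EventID: (\d+)\) \(User: ([^)]*)\)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE = re.compile(r"^The (.+?) service (?:terminated unexpectedly|failed to start)")

def parse_events(text):
    """Return one dict per 'Error:' entry; descriptions may span several lines."""
    events, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"when": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
                   "source": m.group(2), "event_id": int(m.group(3)),
                   "user": m.group(4).strip(), "description": ""}
            events.append(cur)
        elif not line or line.startswith("="):
            cur = None  # a blank line or a section banner closes the entry
        elif cur is not None:
            part = re.sub(r"^Description:\s*", "", line)
            cur["description"] = (cur["description"] + " " + part).strip()
    return events

def triage(events):
    """Group entries so recurring errors stand out from one-off ones."""
    return {
        "counts": Counter((e["source"], e["event_id"]) for e in events),
        "dcom_clsids": Counter(c for e in events if e["event_id"] == 10010
                               for c in CLSID.findall(e["description"])),
        "services": sorted({m.group(1) for e in events if (m := SERVICE.match(e["description"]))}),
        "unexpected_shutdowns": [e["when"] for e in events if e["event_id"] == 6008],
    }

print(triage(parse_events(SAMPLE))["counts"].most_common())
```

Feeding it the whole "System errors" section gives a per-source count and the list of services and DCOM CLSIDs to look up, which is the same reading a helper does by eye.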


#7 Bezukhov


Posted 02 December 2016 - 07:25 PM

Hello. I created a summary file but I don't see how to attach it. Please let me know what to do. You can ask me questions about hardware and I will find the answer. At the moment I can say that I have a 32-bit Dell, Windows Vista.

 
Try this:
 
How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are ready to post your response hit Reply and the file will be automatically attached to your reply

To err is Human. To blame it on someone else is even more Human.

#8 digioleg


Posted 04 December 2016 - 11:34 AM

Summary file attached.

 

Thanks.



#9 digioleg


Posted 04 December 2016 - 11:43 AM

Sorry, I have no permission to attach such a file. Ask me your questions about hardware.

 

Thanks,

 



#10 digioleg


Posted 04 December 2016 - 11:49 AM

At the moment I can say it is Windows Vista(TM) Home Basic

RAM 2 GB

Genuine Intel CPU U410 @ 1.30 GHz 1.30 GHz

 

32 bits



#11 digioleg


Posted 04 December 2016 - 03:13 PM

This is the attached summary file.

 

Thanks




#12 Bezukhov


Posted 04 December 2016 - 05:50 PM

I'm back. The bottom line is I'm not seeing anything in your logs that points to any kind of an infection. What I am seeing is a computer that might be showing its age. Vista is no longer supported by Microsoft, so that can be a potential security risk going forward. Also Vista is a resource hog, and, I hate to mention it, but this is not exactly a robust computer. Still, there are a few things we can try to make things better. One is an extra scan with something else, to see things from another angle, and another is to run a script with FRST, to double check a few things.

:step1:

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista/Windows7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
:step2:

Time for FRST.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt. Save it in the same place as FRST64.exe.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system



sc qc AppMgmt
File: C:\Users\nadia\AppData\Roaming\wklnhst.dat
File: C:\ProgramData\TEMP:439E3411
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
:step3:

One more thing I would suggest is to uninstall Super Anti Spyware. This also consumes a lot of your computer's resources.

So for your next post please show me:

1) RKill.txt
2) Fixlog.txt
3) And if uninstalling Super Anti Spyware helps at all.

Edited by Bezukhov, 05 December 2016 - 08:53 AM.

To err is Human. To blame it on someone else is even more Human.

#13 digioleg


Posted 06 December 2016 - 06:18 AM

One more question. The message always shows me that it cannot make a backup because the D partition is full. What should I do with it? Delete all files from D and/or turn off the backup process? And how can I do it?

 

Thanks



#14 Bezukhov


Posted 06 December 2016 - 11:57 AM

Please do not delete anything from that drive. Yes, Backup can, and should be shut off.

Disable Backup

  • Click Start, type taskschd.msc in the Start Search box, and then press ENTER.

    If you are prompted for an administrator password or confirmation, type your password, or click Continue.
  • In the Task Scheduler Microsoft Management Console (MMC) snap-in, expand Task Scheduler Library, expand Microsoft, expand Windows, and then click WindowsBackup.

    Note If no backup tasks are scheduled, the WindowsBackup folder may not be displayed.
  • Click the scheduled task, and then click Disable in the Actions pane.

Please follow the steps posted here:

https://www.bleepingcomputer.com/forums/t/633270/seems-like-mmy-computer-gotr-infected/#entry4133781 


To err is Human. To blame it on someone else is even more Human.

#15 Bezukhov


Posted 09 December 2016 - 07:14 PM

Do you still need help?


To err is Human. To blame it on someone else is even more Human.



