
Thread: I don't know what it is, but something is going on. Help!!!!!

  1. #1

    This computer runs slowly intermittently. In addition, it appears that the printer (HP 1320) isn't working properly, which makes me feel that some type of malware is affecting the printer. When we try to print, intended printed pages may or may not print properly. Instead of printing correctly, it will print uninterpreted data across either the top or bottom of the page. I've uninstalled the printer, and reinstalled it, which also makes me believe that it is malware. I've reinstalled via the disk and by downloading the drivers from HP. Please help.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
    Ran by Daddy (administrator) on ALEXANDRIA-PC on 04-01-2015 19:00:42
    Running from C:\Users\Daddy\Desktop
    Loaded Profile: Daddy (Available profiles: Alexandria & Daddy & Mommy & Kiwi & Pam)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Atheros) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
    () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
    (Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Realtek Semiconductor) C:\Windows\RAVCpl64.exe
    (Primax Electronics Ltd.) C:\Windows\System32\ico.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
    (D-Link) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-17] (Realtek Semiconductor)
    HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
    HKLM\...\Run: [Skytel] => Skytel.exe
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-25] (Adobe Systems Incorporated)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe (D-Link)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4081211
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4081211
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM-x32 -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
    SearchScopes: HKLM-x32 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {00C4652F-C583-4174-B878-DB42E4CD2EE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
    SearchScopes: HKU\.DEFAULT -> {00C4652F-C583-4174-B878-DB42E4CD2EE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL =
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: vShare Plugin -> {043C5167-00BB-4324-AF7E-62013FAEDACF} -> C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
    BHO-x32: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
    Toolbar: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    Toolbar: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/ca...WebManager.CAB
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...detect1263.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-27]
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-28]
    CHR Extension: (Google Docs) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-28]
    CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-28]
    CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-28]
    CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-28]
    CHR Extension: (Google Sheets) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-28]
    CHR Extension: (SiteAdvisor) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-10-28]
    CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
    CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-28]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-12-27]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACS; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe [368724 2006-03-21] (Atheros) [File not signed]
    R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
    S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
    R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
    S2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
    R2 D_Link DWA-182_WPS; C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-12] (WildTangent)
    R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 jswpsapi; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [57344 2006-08-10] (Sonic Solutions) [File not signed]
    S2 Roxio Upnp Server 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe [294912 2006-08-10] (Sonic Solutions) [File not signed]
    S2 RoxLiveShare9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-08-10] (Sonic Solutions) [File not signed]
    R3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-08-10] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-08-10] (Sonic Solutions) [File not signed]
    S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-07-20] (MicroVision Development, Inc.) [File not signed]
    S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-08] (Sonic Solutions)
    R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-08] (Sonic Solutions)
    S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-01] (Sonic Solutions)
    R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-08] (Sonic Solutions)
    R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-08] (Sonic Solutions)
    R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-08] (Sonic Solutions)
    R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-08] (Sonic Solutions)
    R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-01] (Sonic Solutions)
    R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-08] (Sonic Solutions)
    R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-08] (Sonic Solutions)
    R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
    R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-01] (Sonic Solutions)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-27] (CACE Technologies, Inc.)
    R3 pmxmouse; C:\Windows\System32\DRIVERS\pmxmouse.sys [22016 2007-06-01] (Primax Electronics Ltd.)
    R3 pmxusblf; C:\Windows\System32\DRIVERS\pmxusblf.sys [24384 2007-05-24] (Primax Electronics Ltd.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
    S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-04 19:00 - 2015-01-04 19:01 - 00025616 _____ () C:\Users\Daddy\Desktop\FRST.txt
    2015-01-04 18:59 - 2015-01-04 19:00 - 00000000 ____D () C:\FRST
    2015-01-04 18:57 - 2015-01-04 18:57 - 02123776 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
    2015-01-04 18:56 - 2015-01-04 18:56 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALEXANDRIA-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
    2015-01-04 18:54 - 2015-01-04 18:54 - 00000000 ____D () C:\RegBackup
    2015-01-04 18:52 - 2015-01-04 18:52 - 00002072 _____ () C:\Users\Daddy\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-04 18:51 - 2015-01-04 18:51 - 04215584 _____ () C:\Users\Daddy\Desktop\tweaking.com_registry_backup_setup.exe
    2015-01-04 18:50 - 2015-01-04 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-12-10 22:01 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 22:01 - 2014-11-06 20:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 22:01 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 22:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 21:58 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-12-10 21:58 - 2014-12-02 20:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-12-09 19:36 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-09 19:36 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-09 19:36 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-09 19:36 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-09 19:36 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-09 19:36 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-09 19:36 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-09 19:36 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-12-09 19:36 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-09 19:36 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-12-09 19:36 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-09 19:36 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-09 19:36 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-12-09 19:36 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-09 19:36 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-09 19:36 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-09 19:36 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-09 19:36 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-09 19:36 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-09 19:36 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-09 19:36 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-09 19:36 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-09 19:36 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-09 19:36 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-12-09 19:36 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-04 18:57 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-04 18:57 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-04 18:50 - 2012-12-27 21:43 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
    2015-01-04 18:44 - 2014-11-14 07:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job
    2015-01-04 18:44 - 2014-10-28 17:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-04 18:24 - 2014-11-14 07:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job
    2015-01-04 18:24 - 2014-10-28 17:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-04 18:19 - 2008-12-10 14:59 - 01958426 _____ () C:\Windows\WindowsUpdate.log
    2015-01-04 18:11 - 2008-12-19 21:44 - 00000000 ____D () C:\ProgramData\TEMP
    2015-01-04 18:11 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-03 00:05 - 2006-11-02 10:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-02 22:38 - 2011-05-28 20:18 - 00003726 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{42665F92-BF63-4B01-AAEA-076200736FC5}
    2014-12-18 22:38 - 2011-05-26 20:51 - 00003706 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4064726-62B2-443C-AB1B-D2F6ACC05261}
    2014-12-17 20:57 - 2008-12-20 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-16 19:23 - 2010-06-07 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-15 21:29 - 2014-10-28 17:14 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-15 21:25 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
    2014-12-11 20:36 - 2009-02-04 17:37 - 00002651 _____ () C:\Users\Alexandria\Desktop\Microsoft Office Word 2007.lnk
    2014-12-10 22:10 - 2008-12-10 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 22:09 - 2013-08-16 21:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 22:03 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

    Some content of TEMP:
    ====================
    C:\Users\Daddy\AppData\Local\Temp\ANPDApi.dll
    C:\Users\Daddy\AppData\Local\Temp\eject.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u12-windows-i586-p-iftw.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Kiwi\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 18:20

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
    Ran by Daddy at 2015-01-04 19:01:46
    Running from C:\Users\Daddy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
    AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
    BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    ccc-core-static (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
    Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
    Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
    Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
    Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deal Info (x32 Version: 2008.1.22.0 - EarthLink, Inc) Hidden
    Dell Best of Web (HKLM-x32\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
    Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
    Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
    DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
    Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
    Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
    DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
    D-Link DWA-182 (HKLM-x32\...\{508FC6A7-5080-4E8B-A25C-A4962D691E8B}) (Version: - D-Link)
    D-Link RangeBooster N DWA-542 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 1.0b19 - D-Link)
    EarthLink Common Authentication (x32 Version: 1.0.87.0 - ) Hidden
    EarthLink Toolbar (HKLM-x32\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version: - EarthLink, Inc.)
    EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
    EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
    HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPSSupply (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
    Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6765.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
    Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
    Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
    MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
    Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
    Roxio Easy Media Creator 9 Suite (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.088 - Roxio, Inc.)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
    Skins (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
    Skype web features (HKLM-x32\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
    Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}) (Version: 1.0.5 - Smith Micro Software, Inc.)
    VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
    vShare Plugin (HKLM-x32\...\vShare) (Version: - )
    VZAccess Manager (HKLM-x32\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.10.5 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    Xingtone Ringtone Maker (HKLM-x32\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
    Your Image Alexandria Biggs (HKLM-x32\...\Your Image Alexandria Biggs 1.0.5) (Version: 1.0.5 - Herff Jones Photography)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

    ==================== Restore Points =========================

    17-10-2014 21:44:34 Scheduled Checkpoint
    24-10-2014 17:25:08 Scheduled Checkpoint
    25-10-2014 10:23:25 Scheduled Checkpoint
    26-10-2014 11:22:46 Scheduled Checkpoint
    27-10-2014 18:04:53 Scheduled Checkpoint
    28-10-2014 17:46:33 Scheduled Checkpoint
    29-10-2014 19:56:49 Scheduled Checkpoint
    11-11-2014 16:15:50 Scheduled Checkpoint
    13-11-2014 20:48:14 Windows Update
    19-11-2014 20:43:44 Windows Update
    22-11-2014 20:58:53 Scheduled Checkpoint
    23-11-2014 14:45:20 Scheduled Checkpoint
    25-11-2014 15:43:48 Scheduled Checkpoint
    03-12-2014 20:32:18 Scheduled Checkpoint
    05-12-2014 00:00:01 Scheduled Checkpoint
    06-12-2014 00:00:01 Scheduled Checkpoint
    07-12-2014 00:00:01 Scheduled Checkpoint
    09-12-2014 20:50:11 Scheduled Checkpoint
    10-12-2014 21:45:44 Windows Update
    16-12-2014 19:18:29 Windows Update
    18-12-2014 21:59:01 Scheduled Checkpoint
    01-01-2015 23:57:00 Scheduled Checkpoint
    03-01-2015 00:00:02 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02EB2F37-FD79-49FA-B845-D7ABC87D5177} - System32\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {382E8142-8871-407F-8992-13E8C8046B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {3A8FDE56-B58C-48CB-8C64-5841DCDE6EBB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiwi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
    Task: {58B1F29D-65E3-41E7-ADE2-7AF8D6C7623E} - System32\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {A8BD85F8-0C64-4DF2-8D55-CEB1805B5F1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AEBBA7E9-4EB8-48D0-A624-F073E60DE288} - System32\Tasks\{D9C16D89-DFB3-4968-9E50-0D7E9D9CA1CB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {EA65C3C5-B7E5-481D-91DE-006BCA013FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
    2013-07-20 22:39 - 2010-07-12 13:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
    2009-05-19 22:53 - 2006-08-08 08:18 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
    2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
    2008-12-10 22:27 - 2008-07-24 06:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-08-10 10:37 - 2006-08-10 10:37 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2010-07-07 19:52 - 2006-05-07 04:56 - 00073728 _____ () C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\WlanDll.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
    AlternateDataStreams: C:\Users\Daddy\Desktop\2010-12 (Dec):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Desktop\2011-09 (Sep):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Desktop\2011-12 (Dec):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\Add-in Express:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\BlackBerry:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\New Folder:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\SightSpeed Recordings:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Mommy\Documents\Gayle:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Mommy\Documents\My Scans:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: E6TaskPanel => "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -winstart
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    MSCONFIG\startupreg: IPInSightLAN 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
    MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe"
    MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: PMX Daemon => ICO.EXE
    MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    MSCONFIG\startupreg: Skytel => Skytel.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2852057853-1305795303-3146060363-500 - Administrator - Disabled)
    Alexandria (S-1-5-21-2852057853-1305795303-3146060363-1003 - Limited - Enabled) => C:\Users\Alexandria
    ASPNET (S-1-5-21-2852057853-1305795303-3146060363-1009 - Limited - Enabled)
    Daddy (S-1-5-21-2852057853-1305795303-3146060363-1004 - Administrator - Enabled) => C:\Users\Daddy
    Guest (S-1-5-21-2852057853-1305795303-3146060363-501 - Limited - Disabled)
    Kiwi (S-1-5-21-2852057853-1305795303-3146060363-1010 - Limited - Enabled) => C:\Users\Kiwi
    Mommy (S-1-5-21-2852057853-1305795303-3146060363-1007 - Limited - Enabled) => C:\Users\Mommy
    Pam (S-1-5-21-2852057853-1305795303-3146060363-1011 - Limited - Enabled) => C:\Users\Pam

    ==================== Faulty Device Manager Devices =============

    Name: isatap.earthlink.net
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.earthlink.net
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/04/2015 06:44:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (01/04/2015 06:13:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/03/2015 00:05:08 AM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (01/01/2015 09:04:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2015 09:04:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2015 08:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/18/2014 09:28:15 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (12/18/2014 08:49:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 10:56:13 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (12/17/2014 10:10:15 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{3734EC01-2376-4599-9BCA-E78ACC409196}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


    System errors:
    =============
    Error: (01/04/2015 06:54:06 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.

    Error: (01/04/2015 06:54:06 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.

    Error: (01/04/2015 06:51:44 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/04/2015 06:51:44 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/04/2015 06:46:02 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

    Error: (01/04/2015 06:44:09 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.

    Error: (01/04/2015 06:44:05 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.

    Error: (01/04/2015 06:34:00 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.

    Error: (01/04/2015 06:33:56 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.

    Error: (01/04/2015 06:23:08 PM) (Source: netbt) (EventID: 4321) (User: )
    Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
    The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
    this computer.


    Microsoft Office Sessions:
    =========================
    Error: (11/03/2012 02:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/21/2011 02:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/21/2011 02:00:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-04 18:11:38.152
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-04 18:11:37.934
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-01 20:24:43.404
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-01 20:24:43.185
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-18 20:47:40.152
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-18 20:47:39.934
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-17 20:57:26.386
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-17 20:57:26.168
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-16 19:13:09.262
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-16 19:13:09.043
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 54%
    Total physical RAM: 4093.27 MB
    Available physical RAM: 1862.13 MB
    Total Pagefile: 8359.79 MB
    Available Pagefile: 5791.71 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:455.7 GB) (Free:320.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-01-04 19:08:27
    -----------------------------
    19:08:27.340 OS Version: Windows x64 6.0.6002 Service Pack 2
    19:08:27.340 Number of processors: 4 586 0xF0B
    19:08:27.340 ComputerName: ALEXANDRIA-PC UserName: Daddy
    19:08:30.039 Initialize success
    19:08:30.570 VM: initialized successfully
    19:08:30.570 VM: Intel CPU supported
    19:09:06.907 VM: disk I/O atapi.sys
    19:15:11.144 The log file has been saved successfully to "C:\Users\Daddy\Desktop\aswMBR.txt"
    19:19:46.461 AVAST engine defs: 15010401
    19:20:06.601 The log file has been saved successfully to "C:\Users\Daddy\Desktop\aswMBR.txt"
    Bigalo

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    I see a few things going on. Let's run these tools and clean you up some and then go from there.



    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked <------------
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished click on VIEW DETAILED LOG
    • When it opens click on COPY TO CLIPBOARD
    • Then paste the log back into this thread for review
    • Exit Malwarebytes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Oct 2005
    Posts
    92


    Thanks Ken. After reviewing everything, do you think that the reason that I can't access certain sites, Facebook, att, etc... is a result of my issues? The logs are as follows:


    # AdwCleaner v4.106 - Report created 05/01/2015 at 11:31:48
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : Daddy - ALEXANDRIA-PC
    # Running from : C:\Users\Daddy\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\ParetoLogic
    [!] Folder Deleted : C:\Program Files (x86)\vShare
    [!] Folder Deleted : C:\Users\Alexandria\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Alexandria\AppData\LocalLow\vShare
    [!] Folder Deleted : C:\Users\Daddy\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Daddy\AppData\LocalLow\vShare
    [!] Folder Deleted : C:\Users\Daddy\AppData\Roaming\DriverCure
    [!] Folder Deleted : C:\Users\Daddy\AppData\Roaming\ParetoLogic
    [!] Folder Deleted : C:\Users\Kiwi\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Kiwi\AppData\LocalLow\vShare
    [!] Folder Deleted : C:\Users\Mommy\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Mommy\AppData\LocalLow\vShare
    [!] Folder Deleted : C:\Users\Pam\AppData\LocalLow\vShare
    File Deleted : C:\Windows\Uninstall.exe

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
    Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
    Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
    Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
    Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
    Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\vShare
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [9436 octets] - [05/01/2015 11:28:49]
    AdwCleaner[S0].txt - [7367 octets] - [05/01/2015 11:31:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7427 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Daddy on Mon 01/05/2015 at 11:41:53.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\ELNKTOOLBARHELPER.EXE-0663748D.pf
    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{524BD9DB-0682-4FCB-BA1C-D82B75E770D3}
    Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{5ADD868F-B6E6-4113-B08C-16668E703AEE}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/05/2015 at 11:47:50.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/5/2015
    Scan Time: 11:53:59 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.05.08
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Daddy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 572709
    Time Elapsed: 35 min, 41 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 8
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
    PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Arcadesafari, , [2ba182717a0f39fd89c3e770b05328d8],

    Registry Values: 7
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, , [cefec82ba2e71e18e3600dd54ab803fd]
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, , [cefec82ba2e71e18e3600dd54ab803fd]
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, , [cefec82ba2e71e18e3600dd54ab803fd]
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [fcd021d25732181ecc77786ad62c35cb],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [6a62e50e5e2b75c1f251b52d71913dc3],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [b21a945fff8a0333b98aba2831d1946c],
    PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|module@com.arcadesafari.firefox, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, , [e0ec569dddacee4883af18cc4eb61ee2]

    Registry Data: 0
    (No malicious items detected)

    Folders: 7
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale\en-US, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin, , [2ba182717a0f39fd89c3e770b05328d8],

    Files: 16
    PUP.Optional.OpenCandy, C:\Users\Alexandria\AppData\Local\Temp\27CD6B81-465A-4603-8F45-B5DE68D0CE8D\OCSetupHlp.dll, , [854773808cfd66d0fb7c2e811fe611ef],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariGames.exe, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariLinkz.dll, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadeSafariPE.dll, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUninstall.exe, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\preference.dat, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome.manifest, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\install.rdf, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\main.xul, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module0.js, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module1.js, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module2.js, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module3.js, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module4.js, , [2ba182717a0f39fd89c3e770b05328d8],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin\style.css, , [2ba182717a0f39fd89c3e770b05328d8],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Bigalo

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You sure had a lot of junk the scans removed, just concerned about Malwarebytes as I can't see if it quarantined those items. Did you follow the instructions to quarantine all those entries? If not, run Malwarebytes again and make sure it removes it all.

    All this junk could be part of your problem, let's wait and see.

    After Malwarebytes quarantines those entries and the scan comes back clean, run a new scan with FRST, make sure you checkmark Additions, and post both new logs and let's see if there is any more to do.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Oct 2005
    Posts
    92

    I forgot to hit the quarantine all button on the previous scans. The logs are as follows:



    LastRegBack: 2015-01-05 19:56

    ==================== End Of Log ============================

    24-10-2014 17:25:08 Scheduled Checkpoint
    25-10-2014 10:23:25 Scheduled Checkpoint
    26-10-2014 11:22:46 Scheduled Checkpoint
    27-10-2014 18:04:53 Scheduled Checkpoint
    28-10-2014 17:46:33 Scheduled Checkpoint
    29-10-2014 19:56:49 Scheduled Checkpoint
    11-11-2014 16:15:50 Scheduled Checkpoint
    13-11-2014 20:48:14 Windows Update
    19-11-2014 20:43:44 Windows Update
    22-11-2014 20:58:53 Scheduled Checkpoint
    23-11-2014 14:45:20 Scheduled Checkpoint
    25-11-2014 15:43:48 Scheduled Checkpoint
    03-12-2014 20:32:18 Scheduled Checkpoint
    05-12-2014 00:00:01 Scheduled Checkpoint
    06-12-2014 00:00:01 Scheduled Checkpoint
    07-12-2014 00:00:01 Scheduled Checkpoint
    09-12-2014 20:50:11 Scheduled Checkpoint
    10-12-2014 21:45:44 Windows Update
    16-12-2014 19:18:29 Windows Update
    18-12-2014 21:59:01 Scheduled Checkpoint
    01-01-2015 23:57:00 Scheduled Checkpoint
    03-01-2015 00:00:02 Scheduled Checkpoint
    05-01-2015 00:31:34 Scheduled Checkpoint
    05-01-2015 13:17:50 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02EB2F37-FD79-49FA-B845-D7ABC87D5177} - System32\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {382E8142-8871-407F-8992-13E8C8046B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {3A8FDE56-B58C-48CB-8C64-5841DCDE6EBB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiwi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
    Task: {58B1F29D-65E3-41E7-ADE2-7AF8D6C7623E} - System32\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {A8BD85F8-0C64-4DF2-8D55-CEB1805B5F1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AEBBA7E9-4EB8-48D0-A624-F073E60DE288} - System32\Tasks\{D9C16D89-DFB3-4968-9E50-0D7E9D9CA1CB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {EA65C3C5-B7E5-481D-91DE-006BCA013FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
    2013-07-20 22:39 - 2010-07-12 13:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
    2009-05-19 22:53 - 2006-08-08 08:18 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
    2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
    2008-12-10 22:27 - 2008-07-24 06:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-08-10 10:37 - 2006-08-10 10:37 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2010-07-07 19:52 - 2006-05-07 04:56 - 00073728 _____ () C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\WlanDll.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
    AlternateDataStreams: C:\Users\Daddy\Desktop\2010-12 (Dec):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Desktop\2011-09 (Sep):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Desktop\2011-12 (Dec):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\Add-in Express:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\BlackBerry:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\New Folder:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\SightSpeed Recordings:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Mommy\Documents\Gayle:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Mommy\Documents\My Scans:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: E6TaskPanel => "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -winstart
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    MSCONFIG\startupreg: IPInSightLAN 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
    MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe"
    MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: PMX Daemon => ICO.EXE
    MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    MSCONFIG\startupreg: Skytel => Skytel.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2852057853-1305795303-3146060363-500 - Administrator - Disabled)
    Alexandria (S-1-5-21-2852057853-1305795303-3146060363-1003 - Limited - Enabled) => C:\Users\Alexandria
    ASPNET (S-1-5-21-2852057853-1305795303-3146060363-1009 - Limited - Enabled)
    Daddy (S-1-5-21-2852057853-1305795303-3146060363-1004 - Administrator - Enabled) => C:\Users\Daddy
    Guest (S-1-5-21-2852057853-1305795303-3146060363-501 - Limited - Disabled)
    Kiwi (S-1-5-21-2852057853-1305795303-3146060363-1010 - Limited - Enabled) => C:\Users\Kiwi
    Mommy (S-1-5-21-2852057853-1305795303-3146060363-1007 - Limited - Enabled) => C:\Users\Mommy
    Pam (S-1-5-21-2852057853-1305795303-3146060363-1011 - Limited - Enabled) => C:\Users\Pam

    ==================== Faulty Device Manager Devices =============

    Name: isatap.earthlink.net
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.earthlink.net
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/05/2015 07:52:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: McAfee Scanner%%1053

    Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000McAfee Scanner

    Error: (01/05/2015 08:00:34 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053MCODS{C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

    Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:54:20 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:54:20 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:54:16 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:54:16 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:52:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: RxFilter


    Microsoft Office Sessions:
    =========================
    Error: (11/03/2012 02:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/21/2011 02:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/21/2011 02:00:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-05 19:59:39.452
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:59:39.233
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:59:38.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:59:38.750
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:51:14.416
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:51:14.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:51:13.979
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:51:13.760
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 19:49:43.497
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-05 19:49:43.279
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 57%
    Total physical RAM: 4093.27 MB
    Available physical RAM: 1749.15 MB
    Total Pagefile: 8359.79 MB
    Available Pagefile: 5336.95 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:455.7 GB) (Free:317.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/5/2015
    Scan Time: 6:17:31 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.05.13
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Daddy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 572868
    Time Elapsed: 27 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 8
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
    PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Arcadesafari, Quarantined, [5d7432c1f99073c384f53f1824dfd729],

    Registry Values: 7
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0]
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0]
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0]
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [ece5688bb5d4979f323e469cdb27a060],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [6b665d964d3c6accd19f82603dc542be],
    PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [16bbf9faf69306305c14e2004eb4d62a],
    PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|module@com.arcadesafari.firefox, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, Quarantined, [dcf5589bbbcebc7a2361786c739151af]

    Registry Data: 0
    (No malicious items detected)

    Folders: 7
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale\en-US, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin, Quarantined, [5d7432c1f99073c384f53f1824dfd729],

    Files: 16
    PUP.Optional.OpenCandy, C:\Users\Alexandria\AppData\Local\Temp\27CD6B81-465A-4603-8F45-B5DE68D0CE8D\OCSetupHlp.dll, Quarantined, [3c95688bd4b5dd5902ceac03887dd030],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariGames.exe, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariLinkz.dll, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadeSafariPE.dll, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUninstall.exe, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\preference.dat, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome.manifest, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\install.rdf, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\main.xul, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module0.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module1.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module2.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module3.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module4.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
    PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin\style.css, Quarantined, [5d7432c1f99073c384f53f1824dfd729],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Bigalo

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    OK, good job on Malwarebytes. Open it, check for updates and run another Threat scan; let's hope it comes back clean.

    Your FRST logs were incomplete.

    Open FRST, checkmark additions and run a new scan and post both the FRST and the Additions logs please

  7. #7
    Member
    Join Date
    Oct 2005
    Posts
    92

    The logs are as follows:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
    Ran by Daddy (administrator) on ALEXANDRIA-PC on 05-01-2015 20:39:58
    Running from C:\Users\Daddy\Desktop
    Loaded Profile: Daddy (Available profiles: Alexandria & Daddy & Mommy & Kiwi & Pam)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Atheros) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
    () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
    (Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Realtek Semiconductor) C:\Windows\RAVCpl64.exe
    (Primax Electronics Ltd.) C:\Windows\System32\ico.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
    (D-Link) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-17] (Realtek Semiconductor)
    HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
    HKLM\...\Run: [Skytel] => Skytel.exe
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe (D-Link)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4081211
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4081211
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM-x32 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {00C4652F-C583-4174-B878-DB42E4CD2EE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> DefaultScope {0D511AB5-9340-4673-94D9-7D25FA1AE649} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {0D511AB5-9340-4673-94D9-7D25FA1AE649} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL =
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
    BHO-x32: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
    Toolbar: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/ca...WebManager.CAB
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...detect1263.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-27]
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US105D20140710&p={searchTerms}
    CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-28]
    CHR Extension: (Google Docs) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-28]
    CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
    CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-28]
    CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-28]
    CHR Extension: (Google Sheets) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-28]
    CHR Extension: (SiteAdvisor) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-10-28]
    CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
    CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-28]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-12-27]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACS; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe [368724 2006-03-21] (Atheros) [File not signed]
    R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
    S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
    R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
    S2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
    R2 D_Link DWA-182_WPS; C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-12] (WildTangent)
    R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 jswpsapi; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [57344 2006-08-10] (Sonic Solutions) [File not signed]
    S2 Roxio Upnp Server 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe [294912 2006-08-10] (Sonic Solutions) [File not signed]
    S2 RoxLiveShare9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-08-10] (Sonic Solutions) [File not signed]
    R3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-08-10] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-08-10] (Sonic Solutions) [File not signed]
    S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-07-20] (MicroVision Development, Inc.) [File not signed]
    S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-08] (Sonic Solutions)
    R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-08] (Sonic Solutions)
    S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-01] (Sonic Solutions)
    R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-08] (Sonic Solutions)
    R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-08] (Sonic Solutions)
    R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-08] (Sonic Solutions)
    R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-08] (Sonic Solutions)
    R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-01] (Sonic Solutions)
    R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-08] (Sonic Solutions)
    R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-08] (Sonic Solutions)
    R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
    R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-01] (Sonic Solutions)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-27] (CACE Technologies, Inc.)
    R3 pmxmouse; C:\Windows\System32\DRIVERS\pmxmouse.sys [22016 2007-06-01] (Primax Electronics Ltd.)
    R3 pmxusblf; C:\Windows\System32\DRIVERS\pmxusblf.sys [24384 2007-05-24] (Primax Electronics Ltd.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
    S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-05 20:39 - 2015-01-05 20:40 - 00026404 _____ () C:\Users\Daddy\Desktop\FRST.txt
    2015-01-05 20:02 - 2015-01-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-01-05 19:59 - 2015-01-05 20:00 - 00000000 ____D () C:\Users\Daddy\Documents\Test
    2015-01-05 11:52 - 2015-01-05 20:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-05 11:51 - 2015-01-05 18:16 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-05 11:51 - 2015-01-05 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-05 11:51 - 2015-01-05 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-05 11:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-05 11:51 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-05 11:51 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-05 11:49 - 2015-01-05 11:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daddy\Desktop\mbam-setup-2.0.4.1028.exe
    2015-01-05 11:47 - 2015-01-05 11:47 - 00000997 _____ () C:\Users\Daddy\Desktop\JRT.txt
    2015-01-05 11:41 - 2015-01-05 11:41 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-05 11:40 - 2015-01-05 11:40 - 01707939 _____ (Thisisu) C:\Users\Daddy\Desktop\JRT.exe
    2015-01-05 11:36 - 2015-01-05 11:36 - 00007507 _____ () C:\Users\Daddy\Desktop\AdwCleaner[S0].txt
    2015-01-05 11:28 - 2015-01-05 11:31 - 00000000 ____D () C:\AdwCleaner
    2015-01-05 11:27 - 2015-01-05 11:27 - 02173952 _____ () C:\Users\Daddy\Desktop\AdwCleaner.exe
    2015-01-04 19:15 - 2015-01-04 19:20 - 00001270 _____ () C:\Users\Daddy\Desktop\aswMBR.txt
    2015-01-04 19:05 - 2015-01-04 19:07 - 05198336 _____ (AVAST Software) C:\Users\Daddy\Desktop\aswMBR.exe
    2015-01-04 18:59 - 2015-01-05 20:40 - 00000000 ____D () C:\FRST
    2015-01-04 18:57 - 2015-01-04 18:57 - 02123776 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
    2015-01-04 18:56 - 2015-01-04 18:56 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALEXANDRIA-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
    2015-01-04 18:54 - 2015-01-04 18:54 - 00000000 ____D () C:\RegBackup
    2015-01-04 18:52 - 2015-01-04 18:52 - 00002072 _____ () C:\Users\Daddy\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-04 18:51 - 2015-01-04 18:51 - 04215584 _____ () C:\Users\Daddy\Desktop\tweaking.com_registry_backup_setup.exe
    2014-12-10 22:01 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 22:01 - 2014-11-06 20:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 22:01 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 22:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 21:58 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-12-10 21:58 - 2014-12-02 20:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-12-09 19:36 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-09 19:36 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-09 19:36 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-09 19:36 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-09 19:36 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-09 19:36 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-09 19:36 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-09 19:36 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-12-09 19:36 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-09 19:36 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-12-09 19:36 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-12-09 19:36 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-09 19:36 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-09 19:36 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-12-09 19:36 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-09 19:36 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-09 19:36 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-09 19:36 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-09 19:36 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-09 19:36 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-09 19:36 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-09 19:36 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-09 19:36 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-09 19:36 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-09 19:36 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-09 19:36 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-09 19:36 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-12-09 19:36 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-05 20:24 - 2014-11-14 07:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job
    2015-01-05 20:24 - 2014-10-28 17:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-05 20:02 - 2012-12-27 21:43 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
    2015-01-05 19:58 - 2008-12-10 14:59 - 01981973 _____ () C:\Windows\WindowsUpdate.log
    2015-01-05 19:52 - 2014-11-14 07:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job
    2015-01-05 19:52 - 2014-10-28 17:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-05 19:50 - 2008-12-19 21:44 - 00000000 ____D () C:\ProgramData\TEMP
    2015-01-05 19:49 - 2008-01-20 22:26 - 00214924 _____ () C:\Windows\PFRO.log
    2015-01-05 19:49 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-05 19:49 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-05 19:49 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-05 19:48 - 2006-11-02 10:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-05 19:39 - 2006-11-02 10:07 - 00000000 ____D () C:\Windows\Performance
    2015-01-05 11:51 - 2012-01-02 19:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-02 22:38 - 2011-05-28 20:18 - 00003726 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{42665F92-BF63-4B01-AAEA-076200736FC5}
    2014-12-18 22:38 - 2011-05-26 20:51 - 00003706 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4064726-62B2-443C-AB1B-D2F6ACC05261}
    2014-12-17 20:57 - 2008-12-20 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-16 19:23 - 2010-06-07 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-15 21:29 - 2014-10-28 17:14 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-15 21:25 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
    2014-12-11 20:36 - 2009-02-04 17:37 - 00002651 _____ () C:\Users\Alexandria\Desktop\Microsoft Office Word 2007.lnk
    2014-12-10 22:10 - 2008-12-10 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 22:09 - 2013-08-16 21:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 22:03 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

    Some content of TEMP:
    ====================
    C:\Users\Daddy\AppData\Local\Temp\ANPDApi.dll
    C:\Users\Daddy\AppData\Local\Temp\eject.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u12-windows-i586-p-iftw.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Users\Daddy\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Daddy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll
    C:\Users\Kiwi\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-05 20:02

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
    Ran by Daddy at 2015-01-05 20:40:48
    Running from C:\Users\Daddy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
    AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
    BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    ccc-core-static (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
    Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
    Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
    Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
    Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deal Info (x32 Version: 2008.1.22.0 - EarthLink, Inc) Hidden
    Dell Best of Web (HKLM-x32\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
    Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
    Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
    DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
    Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
    Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
    DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
    D-Link DWA-182 (HKLM-x32\...\{508FC6A7-5080-4E8B-A25C-A4962D691E8B}) (Version: - D-Link)
    D-Link RangeBooster N DWA-542 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 1.0b19 - D-Link)
    EarthLink Common Authentication (x32 Version: 1.0.87.0 - ) Hidden
    EarthLink Toolbar (HKLM-x32\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version: - EarthLink, Inc.)
    EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
    EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
    HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPSSupply (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
    Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6765.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
    Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
    Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
    MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
    Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
    Roxio Easy Media Creator 9 Suite (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.088 - Roxio, Inc.)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
    Skins (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
    Skype web features (HKLM-x32\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
    Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}) (Version: 1.0.5 - Smith Micro Software, Inc.)
    VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
    VZAccess Manager (HKLM-x32\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.10.5 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    Xingtone Ringtone Maker (HKLM-x32\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
    Your Image Alexandria Biggs (HKLM-x32\...\Your Image Alexandria Biggs 1.0.5) (Version: 1.0.5 - Herff Jones Photography)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

    ==================== Restore Points =========================

    24-10-2014 17:25:08 Scheduled Checkpoint
    25-10-2014 10:23:25 Scheduled Checkpoint
    26-10-2014 11:22:46 Scheduled Checkpoint
    27-10-2014 18:04:53 Scheduled Checkpoint
    28-10-2014 17:46:33 Scheduled Checkpoint
    29-10-2014 19:56:49 Scheduled Checkpoint
    11-11-2014 16:15:50 Scheduled Checkpoint
    13-11-2014 20:48:14 Windows Update
    19-11-2014 20:43:44 Windows Update
    22-11-2014 20:58:53 Scheduled Checkpoint
    23-11-2014 14:45:20 Scheduled Checkpoint
    25-11-2014 15:43:48 Scheduled Checkpoint
    03-12-2014 20:32:18 Scheduled Checkpoint
    05-12-2014 00:00:01 Scheduled Checkpoint
    06-12-2014 00:00:01 Scheduled Checkpoint
    07-12-2014 00:00:01 Scheduled Checkpoint
    09-12-2014 20:50:11 Scheduled Checkpoint
    10-12-2014 21:45:44 Windows Update
    16-12-2014 19:18:29 Windows Update
    18-12-2014 21:59:01 Scheduled Checkpoint
    01-01-2015 23:57:00 Scheduled Checkpoint
    03-01-2015 00:00:02 Scheduled Checkpoint
    05-01-2015 00:31:34 Scheduled Checkpoint
    05-01-2015 13:17:50 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02EB2F37-FD79-49FA-B845-D7ABC87D5177} - System32\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {382E8142-8871-407F-8992-13E8C8046B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {3A8FDE56-B58C-48CB-8C64-5841DCDE6EBB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiwi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
    Task: {58B1F29D-65E3-41E7-ADE2-7AF8D6C7623E} - System32\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {A8BD85F8-0C64-4DF2-8D55-CEB1805B5F1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AEBBA7E9-4EB8-48D0-A624-F073E60DE288} - System32\Tasks\{D9C16D89-DFB3-4968-9E50-0D7E9D9CA1CB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {EA65C3C5-B7E5-481D-91DE-006BCA013FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
    2013-07-20 22:39 - 2010-07-12 13:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
    2009-05-19 22:53 - 2006-08-08 08:18 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
    2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
    2008-02-21 11:55 - 2008-02-21 11:55 - 00846336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
    2008-12-10 22:27 - 2008-07-24 06:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-08-10 10:37 - 2006-08-10 10:37 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2010-07-07 19:52 - 2006-05-07 04:56 - 00073728 _____ () C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\WlanDll.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
    AlternateDataStreams: C:\Users\Daddy\Desktop\2010-12 (Dec):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Desktop\2011-09 (Sep):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Desktop\2011-12 (Dec):Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\Add-in Express:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\BlackBerry:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\New Folder:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\SightSpeed Recordings:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Daddy\Documents\Test:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Mommy\Documents\Gayle:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Mommy\Documents\My Scans:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: E6TaskPanel => "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -winstart
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    MSCONFIG\startupreg: IPInSightLAN 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
    MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe"
    MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: PMX Daemon => ICO.EXE
    MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    MSCONFIG\startupreg: Skytel => Skytel.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2852057853-1305795303-3146060363-500 - Administrator - Disabled)
    Alexandria (S-1-5-21-2852057853-1305795303-3146060363-1003 - Limited - Enabled) => C:\Users\Alexandria
    ASPNET (S-1-5-21-2852057853-1305795303-3146060363-1009 - Limited - Enabled)
    Daddy (S-1-5-21-2852057853-1305795303-3146060363-1004 - Administrator - Enabled) => C:\Users\Daddy
    Guest (S-1-5-21-2852057853-1305795303-3146060363-501 - Limited - Disabled)
    Kiwi (S-1-5-21-2852057853-1305795303-3146060363-1010 - Limited - Enabled) => C:\Users\Kiwi
    Mommy (S-1-5-21-2852057853-1305795303-3146060363-1007 - Limited - Enabled) => C:\Users\Mommy
    Pam (S-1-5-21-2852057853-1305795303-3146060363-1011 - Limited - Enabled) => C:\Users\Pam

    ==================== Faulty Device Manager Devices =============

    Name: isatap.earthlink.net
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.earthlink.net
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/05/2015 07:52:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/05/2015 08:31:29 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 08:31:29 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 08:09:06 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 08:09:06 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: McAfee Scanner%%1053

    Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000McAfee Scanner

    Error: (01/05/2015 08:00:34 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053MCODS{C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

    Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

    Error: (01/05/2015 07:54:20 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)


    Microsoft Office Sessions:
    =========================
    Error: (11/03/2012 02:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/21/2011 02:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/21/2011 02:00:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-05 20:40:42.516
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:42.313
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:42.095
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:41.877
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:41.533
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:41.315
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:41.097
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:40.894
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:13.126
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-05 20:40:12.907
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 54%
    Total physical RAM: 4093.27 MB
    Available physical RAM: 1852.55 MB
    Total Pagefile: 8359.79 MB
    Available Pagefile: 5549.05 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:455.7 GB) (Free:317.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/5/2015
    Scan Time: 8:44:49 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.06.01
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Daddy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 572918
    Time Elapsed: 26 min, 55 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Bigalo

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I am attaching a Fixlist file. Download it to your desktop, where you have FRST running from, then open FRST and click on FIX. It will reboot your system and you will find a file named Fixlog on your desktop. Please post it, and also let me know how your system is behaving now.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member
    Join Date
    Oct 2005
    Posts
    92

    My computer appears to be running slow. It's taking a while to boot up. There's not much on this computer, as far as I know. The log is as follows:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
    Ran by Daddy at 2015-01-05 22:40:47 Run:1
    Running from C:\Users\Daddy\Desktop
    Loaded Profile: Daddy (Available profiles: Alexandria & Daddy & Mommy & Kiwi & Pam)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL =
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End




    *****************

    Processes closed successfully.
    "HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{65A95FBF-F5AC-44fa-8112-5C493C4DE412} => Key not found.
    "HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key deleted successfully.
    HKCR\CLSID\{65A95FBF-F5AC-44fa-8112-5C493C4DE412} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 5.7 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 22:57:49 ====
    Bigalo

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
