I don't know what it is, but something is going on. Help!!!!!



Bigalo
2015-01-05, 02:32
This computer runs slowly intermittently. In addition, it appears that the printer (HP 1320) isn't working properly, which makes me feel that some type of malware is affecting the printer. When we try to print, intended printed pages may or may not print properly. Instead of printing correctly, it will print uninterpreted data across either the top or bottom of the page. I've uninstalled the printer, and reinstalled it, which also makes me believe that it is malware. I've reinstalled via the disk and by downloading the drivers from HP. Please help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Daddy (administrator) on ALEXANDRIA-PC on 04-01-2015 19:00:42
Running from C:\Users\Daddy\Desktop
Loaded Profile: Daddy (Available profiles: Alexandria & Daddy & Mommy & Kiwi & Pam)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
() C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(D-Link) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-17] (Realtek Semiconductor)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-25] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe (D-Link)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081211
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081211
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKLM-x32 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {00C4652F-C583-4174-B878-DB42E4CD2EE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
SearchScopes: HKU\.DEFAULT -> {00C4652F-C583-4174-B878-DB42E4CD2EE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: vShare Plugin -> {043C5167-00BB-4324-AF7E-62013FAEDACF} -> C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - No File
Toolbar: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-27]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-28]
CHR Extension: (Google Docs) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-28]
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-28]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-28]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-28]
CHR Extension: (Google Sheets) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-28]
CHR Extension: (SiteAdvisor) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-12-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe [368724 2006-03-21] (Atheros) [File not signed]
R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
S2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
R2 D_Link DWA-182_WPS; C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-12] (WildTangent)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [57344 2006-08-10] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe [294912 2006-08-10] (Sonic Solutions) [File not signed]
S2 RoxLiveShare9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-08-10] (Sonic Solutions) [File not signed]
R3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-08-10] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-08-10] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-07-20] (MicroVision Development, Inc.) [File not signed]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-08] (Sonic Solutions)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-08] (Sonic Solutions)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-01] (Sonic Solutions)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-08] (Sonic Solutions)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-08] (Sonic Solutions)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-08] (Sonic Solutions)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-08] (Sonic Solutions)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-01] (Sonic Solutions)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-08] (Sonic Solutions)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-08] (Sonic Solutions)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-01] (Sonic Solutions)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-27] (CACE Technologies, Inc.)
R3 pmxmouse; C:\Windows\System32\DRIVERS\pmxmouse.sys [22016 2007-06-01] (Primax Electronics Ltd.)
R3 pmxusblf; C:\Windows\System32\DRIVERS\pmxusblf.sys [24384 2007-05-24] (Primax Electronics Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 19:00 - 2015-01-04 19:01 - 00025616 _____ () C:\Users\Daddy\Desktop\FRST.txt
2015-01-04 18:59 - 2015-01-04 19:00 - 00000000 ____D () C:\FRST
2015-01-04 18:57 - 2015-01-04 18:57 - 02123776 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2015-01-04 18:56 - 2015-01-04 18:56 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALEXANDRIA-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
2015-01-04 18:54 - 2015-01-04 18:54 - 00000000 ____D () C:\RegBackup
2015-01-04 18:52 - 2015-01-04 18:52 - 00002072 _____ () C:\Users\Daddy\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-04 18:51 - 2015-01-04 18:51 - 04215584 _____ () C:\Users\Daddy\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-04 18:50 - 2015-01-04 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-10 22:01 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:01 - 2014-11-06 20:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:01 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 21:58 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 21:58 - 2014-12-02 20:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 19:36 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:36 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 19:36 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:36 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 19:36 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:36 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:36 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:36 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 19:36 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 19:36 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 19:36 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:36 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:36 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 19:36 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:36 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 19:36 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 19:36 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 19:36 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 19:36 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 19:36 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 19:36 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 19:36 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 19:36 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 19:36 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-09 19:36 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 18:57 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 18:57 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 18:50 - 2012-12-27 21:43 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-01-04 18:44 - 2014-11-14 07:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job
2015-01-04 18:44 - 2014-10-28 17:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 18:24 - 2014-11-14 07:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job
2015-01-04 18:24 - 2014-10-28 17:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 18:19 - 2008-12-10 14:59 - 01958426 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 18:11 - 2008-12-19 21:44 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-04 18:11 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 00:05 - 2006-11-02 10:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 22:38 - 2011-05-28 20:18 - 00003726 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{42665F92-BF63-4B01-AAEA-076200736FC5}
2014-12-18 22:38 - 2011-05-26 20:51 - 00003706 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4064726-62B2-443C-AB1B-D2F6ACC05261}
2014-12-17 20:57 - 2008-12-20 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-16 19:23 - 2010-06-07 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 21:29 - 2014-10-28 17:14 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-15 21:25 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-12-11 20:36 - 2009-02-04 17:37 - 00002651 _____ () C:\Users\Alexandria\Desktop\Microsoft Office Word 2007.lnk
2014-12-10 22:10 - 2008-12-10 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:09 - 2013-08-16 21:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:03 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Daddy\AppData\Local\Temp\ANPDApi.dll
C:\Users\Daddy\AppData\Local\Temp\eject.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u12-windows-i586-p-iftw.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Kiwi\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 18:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Daddy at 2015-01-04 19:01:46
Running from C:\Users\Daddy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deal Info (x32 Version: 2008.1.22.0 - EarthLink, Inc) Hidden
Dell Best of Web (HKLM-x32\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
D-Link DWA-182 (HKLM-x32\...\{508FC6A7-5080-4E8B-A25C-A4962D691E8B}) (Version: - D-Link)
D-Link RangeBooster N DWA-542 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 1.0b19 - D-Link)
EarthLink Common Authentication (x32 Version: 1.0.87.0 - ) Hidden
EarthLink Toolbar (HKLM-x32\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version: - EarthLink, Inc.)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPSSupply (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6765.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Easy Media Creator 9 Suite (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.088 - Roxio, Inc.)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
Skins (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Skype web features (HKLM-x32\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
vShare Plugin (HKLM-x32\...\vShare) (Version: - )
VZAccess Manager (HKLM-x32\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.10.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xingtone Ringtone Maker (HKLM-x32\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
Your Image Alexandria Biggs (HKLM-x32\...\Your Image Alexandria Biggs 1.0.5) (Version: 1.0.5 - Herff Jones Photography)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

==================== Restore Points =========================

17-10-2014 21:44:34 Scheduled Checkpoint
24-10-2014 17:25:08 Scheduled Checkpoint
25-10-2014 10:23:25 Scheduled Checkpoint
26-10-2014 11:22:46 Scheduled Checkpoint
27-10-2014 18:04:53 Scheduled Checkpoint
28-10-2014 17:46:33 Scheduled Checkpoint
29-10-2014 19:56:49 Scheduled Checkpoint
11-11-2014 16:15:50 Scheduled Checkpoint
13-11-2014 20:48:14 Windows Update
19-11-2014 20:43:44 Windows Update
22-11-2014 20:58:53 Scheduled Checkpoint
23-11-2014 14:45:20 Scheduled Checkpoint
25-11-2014 15:43:48 Scheduled Checkpoint
03-12-2014 20:32:18 Scheduled Checkpoint
05-12-2014 00:00:01 Scheduled Checkpoint
06-12-2014 00:00:01 Scheduled Checkpoint
07-12-2014 00:00:01 Scheduled Checkpoint
09-12-2014 20:50:11 Scheduled Checkpoint
10-12-2014 21:45:44 Windows Update
16-12-2014 19:18:29 Windows Update
18-12-2014 21:59:01 Scheduled Checkpoint
01-01-2015 23:57:00 Scheduled Checkpoint
03-01-2015 00:00:02 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02EB2F37-FD79-49FA-B845-D7ABC87D5177} - System32\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {382E8142-8871-407F-8992-13E8C8046B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {3A8FDE56-B58C-48CB-8C64-5841DCDE6EBB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiwi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {58B1F29D-65E3-41E7-ADE2-7AF8D6C7623E} - System32\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {A8BD85F8-0C64-4DF2-8D55-CEB1805B5F1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEBBA7E9-4EB8-48D0-A624-F073E60DE288} - System32\Tasks\{D9C16D89-DFB3-4968-9E50-0D7E9D9CA1CB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {EA65C3C5-B7E5-481D-91DE-006BCA013FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
2013-07-20 22:39 - 2010-07-12 13:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
2009-05-19 22:53 - 2006-08-08 08:18 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2008-12-10 22:27 - 2008-07-24 06:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2006-08-10 10:37 - 2006-08-10 10:37 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2010-07-07 19:52 - 2006-05-07 04:56 - 00073728 _____ () C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\WlanDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\Users\Daddy\Desktop\2010-12 (Dec):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Desktop\2011-09 (Sep):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Desktop\2011-12 (Dec):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\Add-in Express:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\BlackBerry:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\SightSpeed Recordings:Roxio EMC Stream
AlternateDataStreams: C:\Users\Mommy\Documents\Gayle:Roxio EMC Stream
AlternateDataStreams: C:\Users\Mommy\Documents\My Scans:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: E6TaskPanel => "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -winstart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IPInSightLAN 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe"
MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: PMX Daemon => ICO.EXE
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2852057853-1305795303-3146060363-500 - Administrator - Disabled)
Alexandria (S-1-5-21-2852057853-1305795303-3146060363-1003 - Limited - Enabled) => C:\Users\Alexandria
ASPNET (S-1-5-21-2852057853-1305795303-3146060363-1009 - Limited - Enabled)
Daddy (S-1-5-21-2852057853-1305795303-3146060363-1004 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-2852057853-1305795303-3146060363-501 - Limited - Disabled)
Kiwi (S-1-5-21-2852057853-1305795303-3146060363-1010 - Limited - Enabled) => C:\Users\Kiwi
Mommy (S-1-5-21-2852057853-1305795303-3146060363-1007 - Limited - Enabled) => C:\Users\Mommy
Pam (S-1-5-21-2852057853-1305795303-3146060363-1011 - Limited - Enabled) => C:\Users\Pam

==================== Faulty Device Manager Devices =============

Name: isatap.earthlink.net
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.earthlink.net
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 06:44:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/04/2015 06:13:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 00:05:08 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 09:04:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2015 09:04:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2015 08:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:28:15 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/18/2014 08:49:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 10:56:13 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/17/2014 10:10:15 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{3734EC01-2376-4599-9BCA-E78ACC409196}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (01/04/2015 06:54:06 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 06:54:06 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 06:51:44 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/04/2015 06:51:44 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/04/2015 06:46:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (01/04/2015 06:44:09 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 06:44:05 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 06:34:00 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 06:33:56 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 06:23:08 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RABOFFICE-PC :0" could not be registered on the interface with IP address 192.168.0.112.
The computer with the IP address 192.168.0.106 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (11/03/2012 02:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2011 02:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2011 02:00:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-01-04 18:11:38.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-04 18:11:37.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-01 20:24:43.404
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-01 20:24:43.185
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-18 20:47:40.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-18 20:47:39.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-17 20:57:26.386
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-17 20:57:26.168
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 19:13:09.262
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 19:13:09.043
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 4093.27 MB
Available physical RAM: 1862.13 MB
Total Pagefile: 8359.79 MB
Available Pagefile: 5791.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.7 GB) (Free:320.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-04 19:08:27
-----------------------------
19:08:27.340 OS Version: Windows x64 6.0.6002 Service Pack 2
19:08:27.340 Number of processors: 4 586 0xF0B
19:08:27.340 ComputerName: ALEXANDRIA-PC UserName: Daddy
19:08:30.039 Initialize success
19:08:30.570 VM: initialized successfully
19:08:30.570 VM: Intel CPU supported
19:09:06.907 VM: disk I/O atapi.sys
19:15:11.144 The log file has been saved successfully to "C:\Users\Daddy\Desktop\aswMBR.txt"


19:19:46.461 AVAST engine defs: 15010401
19:20:06.601 The log file has been saved successfully to "C:\Users\Daddy\Desktop\aswMBR.txt"

ken545
2015-01-05, 17:01

I see a few things going on. Let's run these tools and clean you up some, and then go from there.



-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked <------------
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished click on VIEW DETAILED LOG
When it opens click on COPY TO CLIPBOARD
Then paste the log back into this thread for review
Exit Malwarebytes

Bigalo
2015-01-05, 19:50
Thanks Ken. After reviewing everything, do you think that the reason that I can't access certain sites, Facebook, att, etc... is a result of my issues? The logs are as follows:


# AdwCleaner v4.106 - Report created 05/01/2015 at 11:31:48
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Daddy - ALEXANDRIA-PC
# Running from : C:\Users\Daddy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\vShare
[!] Folder Deleted : C:\Users\Alexandria\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Alexandria\AppData\LocalLow\vShare
[!] Folder Deleted : C:\Users\Daddy\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Daddy\AppData\LocalLow\vShare
[!] Folder Deleted : C:\Users\Daddy\AppData\Roaming\DriverCure
[!] Folder Deleted : C:\Users\Daddy\AppData\Roaming\ParetoLogic
[!] Folder Deleted : C:\Users\Kiwi\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Kiwi\AppData\LocalLow\vShare
[!] Folder Deleted : C:\Users\Mommy\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Mommy\AppData\LocalLow\vShare
[!] Folder Deleted : C:\Users\Pam\AppData\LocalLow\vShare
File Deleted : C:\Windows\Uninstall.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Google Chrome v39.0.2171.95

[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [9436 octets] - [05/01/2015 11:28:49]
AdwCleaner[S0].txt - [7367 octets] - [05/01/2015 11:31:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7427 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Daddy on Mon 01/05/2015 at 11:41:53.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\ELNKTOOLBARHELPER.EXE-0663748D.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{524BD9DB-0682-4FCB-BA1C-D82B75E770D3}
Successfully deleted: [Empty Folder] C:\Users\Daddy\appdata\local\{5ADD868F-B6E6-4113-B08C-16668E703AEE}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/05/2015 at 11:47:50.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/5/2015
Scan Time: 11:53:59 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.08
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Daddy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 572709
Time Elapsed: 35 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [cefec82ba2e71e18e3600dd54ab803fd],
PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Arcadesafari, , [2ba182717a0f39fd89c3e770b05328d8],

Registry Values: 7
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, , [cefec82ba2e71e18e3600dd54ab803fd]
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, , [cefec82ba2e71e18e3600dd54ab803fd]
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, , [cefec82ba2e71e18e3600dd54ab803fd]
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [fcd021d25732181ecc77786ad62c35cb],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [6a62e50e5e2b75c1f251b52d71913dc3],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [b21a945fff8a0333b98aba2831d1946c],
PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|module@com.arcadesafari.firefox, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, , [e0ec569dddacee4883af18cc4eb61ee2]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale\en-US, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin, , [2ba182717a0f39fd89c3e770b05328d8],

Files: 16
PUP.Optional.OpenCandy, C:\Users\Alexandria\AppData\Local\Temp\27CD6B81-465A-4603-8F45-B5DE68D0CE8D\OCSetupHlp.dll, , [854773808cfd66d0fb7c2e811fe611ef],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariGames.exe, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariLinkz.dll, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadeSafariPE.dll, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUninstall.exe, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\preference.dat, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome.manifest, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\install.rdf, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\main.xul, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module0.js, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module1.js, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module2.js, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module3.js, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module4.js, , [2ba182717a0f39fd89c3e770b05328d8],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin\style.css, , [2ba182717a0f39fd89c3e770b05328d8],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-01-05, 20:06
You sure had a lot of junk the scans removed. I'm just concerned about Malwarebytes, as I can't see if it quarantined those items. Did you follow the instructions to quarantine all those entries? If not, run Malwarebytes again and make sure it removes it all.

All this junk could be part of your problem, let's wait and see.

After Malwarebytes quarantines those entries and the scan comes back clean, run a new scan with FRST, make sure you checkmark Additions, and post both new logs, and let's see if there is any more to do.

Bigalo
2015-01-06, 03:08
I forgot to hit the quarantine all button on the previous scans. The logs are as follows:



LastRegBack: 2015-01-05 19:56

==================== End Of Log ============================

24-10-2014 17:25:08 Scheduled Checkpoint
25-10-2014 10:23:25 Scheduled Checkpoint
26-10-2014 11:22:46 Scheduled Checkpoint
27-10-2014 18:04:53 Scheduled Checkpoint
28-10-2014 17:46:33 Scheduled Checkpoint
29-10-2014 19:56:49 Scheduled Checkpoint
11-11-2014 16:15:50 Scheduled Checkpoint
13-11-2014 20:48:14 Windows Update
19-11-2014 20:43:44 Windows Update
22-11-2014 20:58:53 Scheduled Checkpoint
23-11-2014 14:45:20 Scheduled Checkpoint
25-11-2014 15:43:48 Scheduled Checkpoint
03-12-2014 20:32:18 Scheduled Checkpoint
05-12-2014 00:00:01 Scheduled Checkpoint
06-12-2014 00:00:01 Scheduled Checkpoint
07-12-2014 00:00:01 Scheduled Checkpoint
09-12-2014 20:50:11 Scheduled Checkpoint
10-12-2014 21:45:44 Windows Update
16-12-2014 19:18:29 Windows Update
18-12-2014 21:59:01 Scheduled Checkpoint
01-01-2015 23:57:00 Scheduled Checkpoint
03-01-2015 00:00:02 Scheduled Checkpoint
05-01-2015 00:31:34 Scheduled Checkpoint
05-01-2015 13:17:50 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02EB2F37-FD79-49FA-B845-D7ABC87D5177} - System32\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {382E8142-8871-407F-8992-13E8C8046B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {3A8FDE56-B58C-48CB-8C64-5841DCDE6EBB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiwi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {58B1F29D-65E3-41E7-ADE2-7AF8D6C7623E} - System32\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {A8BD85F8-0C64-4DF2-8D55-CEB1805B5F1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEBBA7E9-4EB8-48D0-A624-F073E60DE288} - System32\Tasks\{D9C16D89-DFB3-4968-9E50-0D7E9D9CA1CB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {EA65C3C5-B7E5-481D-91DE-006BCA013FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
2013-07-20 22:39 - 2010-07-12 13:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
2009-05-19 22:53 - 2006-08-08 08:18 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2008-12-10 22:27 - 2008-07-24 06:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2006-08-10 10:37 - 2006-08-10 10:37 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2010-07-07 19:52 - 2006-05-07 04:56 - 00073728 _____ () C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\WlanDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\Users\Daddy\Desktop\2010-12 (Dec):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Desktop\2011-09 (Sep):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Desktop\2011-12 (Dec):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\Add-in Express:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\BlackBerry:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\SightSpeed Recordings:Roxio EMC Stream
AlternateDataStreams: C:\Users\Mommy\Documents\Gayle:Roxio EMC Stream
AlternateDataStreams: C:\Users\Mommy\Documents\My Scans:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: E6TaskPanel => "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -winstart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IPInSightLAN 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe"
MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: PMX Daemon => ICO.EXE
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2852057853-1305795303-3146060363-500 - Administrator - Disabled)
Alexandria (S-1-5-21-2852057853-1305795303-3146060363-1003 - Limited - Enabled) => C:\Users\Alexandria
ASPNET (S-1-5-21-2852057853-1305795303-3146060363-1009 - Limited - Enabled)
Daddy (S-1-5-21-2852057853-1305795303-3146060363-1004 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-2852057853-1305795303-3146060363-501 - Limited - Disabled)
Kiwi (S-1-5-21-2852057853-1305795303-3146060363-1010 - Limited - Enabled) => C:\Users\Kiwi
Mommy (S-1-5-21-2852057853-1305795303-3146060363-1007 - Limited - Enabled) => C:\Users\Mommy
Pam (S-1-5-21-2852057853-1305795303-3146060363-1011 - Limited - Enabled) => C:\Users\Pam

==================== Faulty Device Manager Devices =============

Name: isatap.earthlink.net
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.earthlink.net
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 07:52:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Scanner%%1053

Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Scanner

Error: (01/05/2015 08:00:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MCODS{C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:54:20 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:54:20 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:54:16 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:54:16 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:52:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: RxFilter


Microsoft Office Sessions:
=========================
Error: (11/03/2012 02:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2011 02:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2011 02:00:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-01-05 19:59:39.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:59:39.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:59:38.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:59:38.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:51:14.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:51:14.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:51:13.979
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:51:13.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 19:49:43.497
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-05 19:49:43.279
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 4093.27 MB
Available physical RAM: 1749.15 MB
Total Pagefile: 8359.79 MB
Available Pagefile: 5336.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.7 GB) (Free:317.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/5/2015
Scan Time: 6:17:31 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.13
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Daddy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 572868
Time Elapsed: 27 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0],
PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Arcadesafari, Quarantined, [5d7432c1f99073c384f53f1824dfd729],

Registry Values: 7
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0]
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0]
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, 內м»䌤纯Ţ긿쿚, Quarantined, [7e53747fc4c5bc7a6e0203df4bb740c0]
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [ece5688bb5d4979f323e469cdb27a060],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [6b665d964d3c6accd19f82603dc542be],
PUP.Optional.VShare.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, Quarantined, [16bbf9faf69306305c14e2004eb4d62a],
PUP.Optional.ArcadeSafari.A, HKU\S-1-5-21-2852057853-1305795303-3146060363-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|module@com.arcadesafari.firefox, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, Quarantined, [dcf5589bbbcebc7a2361786c739151af]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale, Delete-on-Reboot, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\locale\en-US, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin, Quarantined, [5d7432c1f99073c384f53f1824dfd729],

Files: 16
PUP.Optional.OpenCandy, C:\Users\Alexandria\AppData\Local\Temp\27CD6B81-465A-4603-8F45-B5DE68D0CE8D\OCSetupHlp.dll, Quarantined, [3c95688bd4b5dd5902ceac03887dd030],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariGames.exe, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariLinkz.dll, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadeSafariPE.dll, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUninstall.exe, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\preference.dat, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome.manifest, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\install.rdf, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\main.xul, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module0.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module1.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module2.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module3.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\main\module4.js, Quarantined, [5d7432c1f99073c384f53f1824dfd729],
PUP.Optional.ArcadeSafari.A, C:\Users\Alexandria\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox\chrome\skin\style.css, Quarantined, [5d7432c1f99073c384f53f1824dfd729],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-01-06, 03:15
OK, good job on Malwarebytes. Open it, check for Updates and run another Threat scan; let's hope it comes back clean.

Your FRST logs were incomplete.

Open FRST, checkmark Additions, run a new scan, and post both the FRST and the Additions logs please.

Bigalo
2015-01-06, 04:23
The logs are as follows:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Daddy (administrator) on ALEXANDRIA-PC on 05-01-2015 20:39:58
Running from C:\Users\Daddy\Desktop
Loaded Profile: Daddy (Available profiles: Alexandria & Daddy & Mommy & Kiwi & Pam)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
() C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(D-Link) C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-17] (Realtek Semiconductor)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe (D-Link)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081211
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081211
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {00C4652F-C583-4174-B878-DB42E4CD2EE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> DefaultScope {0D511AB5-9340-4673-94D9-7D25FA1AE649} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {0D511AB5-9340-4673-94D9-7D25FA1AE649} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20140710&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - No File
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-27]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US105D20140710&p={searchTerms}
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-28]
CHR Extension: (Google Docs) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-28]
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-28]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-28]
CHR Extension: (Google Sheets) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-28]
CHR Extension: (SiteAdvisor) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-12-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\acs.exe [368724 2006-03-21] (Atheros) [File not signed]
R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
S2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
R2 D_Link DWA-182_WPS; C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-12] (WildTangent)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [57344 2006-08-10] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe [294912 2006-08-10] (Sonic Solutions) [File not signed]
S2 RoxLiveShare9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-08-10] (Sonic Solutions) [File not signed]
R3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-08-10] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-08-10] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-07-20] (MicroVision Development, Inc.) [File not signed]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-08] (Sonic Solutions)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-08] (Sonic Solutions)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-01] (Sonic Solutions)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-08] (Sonic Solutions)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-08] (Sonic Solutions)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-08] (Sonic Solutions)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-08] (Sonic Solutions)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-01] (Sonic Solutions)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-08] (Sonic Solutions)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-08] (Sonic Solutions)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-01] (Sonic Solutions)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-27] (CACE Technologies, Inc.)
R3 pmxmouse; C:\Windows\System32\DRIVERS\pmxmouse.sys [22016 2007-06-01] (Primax Electronics Ltd.)
R3 pmxusblf; C:\Windows\System32\DRIVERS\pmxusblf.sys [24384 2007-05-24] (Primax Electronics Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 20:39 - 2015-01-05 20:40 - 00026404 _____ () C:\Users\Daddy\Desktop\FRST.txt
2015-01-05 20:02 - 2015-01-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-05 19:59 - 2015-01-05 20:00 - 00000000 ____D () C:\Users\Daddy\Documents\Test
2015-01-05 11:52 - 2015-01-05 20:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 11:51 - 2015-01-05 18:16 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 11:51 - 2015-01-05 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 11:51 - 2015-01-05 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 11:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 11:51 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 11:51 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 11:49 - 2015-01-05 11:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daddy\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-05 11:47 - 2015-01-05 11:47 - 00000997 _____ () C:\Users\Daddy\Desktop\JRT.txt
2015-01-05 11:41 - 2015-01-05 11:41 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 11:40 - 2015-01-05 11:40 - 01707939 _____ (Thisisu) C:\Users\Daddy\Desktop\JRT.exe
2015-01-05 11:36 - 2015-01-05 11:36 - 00007507 _____ () C:\Users\Daddy\Desktop\AdwCleaner[S0].txt
2015-01-05 11:28 - 2015-01-05 11:31 - 00000000 ____D () C:\AdwCleaner
2015-01-05 11:27 - 2015-01-05 11:27 - 02173952 _____ () C:\Users\Daddy\Desktop\AdwCleaner.exe
2015-01-04 19:15 - 2015-01-04 19:20 - 00001270 _____ () C:\Users\Daddy\Desktop\aswMBR.txt
2015-01-04 19:05 - 2015-01-04 19:07 - 05198336 _____ (AVAST Software) C:\Users\Daddy\Desktop\aswMBR.exe
2015-01-04 18:59 - 2015-01-05 20:40 - 00000000 ____D () C:\FRST
2015-01-04 18:57 - 2015-01-04 18:57 - 02123776 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2015-01-04 18:56 - 2015-01-04 18:56 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALEXANDRIA-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
2015-01-04 18:54 - 2015-01-04 18:54 - 00000000 ____D () C:\RegBackup
2015-01-04 18:52 - 2015-01-04 18:52 - 00002072 _____ () C:\Users\Daddy\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-04 18:52 - 2015-01-04 18:52 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-04 18:51 - 2015-01-04 18:51 - 04215584 _____ () C:\Users\Daddy\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-10 22:01 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:01 - 2014-11-06 20:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:01 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 21:58 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 21:58 - 2014-12-02 20:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 19:36 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:36 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 19:36 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:36 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 19:36 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:36 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:36 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:36 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 19:36 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 19:36 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 19:36 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 19:36 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:36 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:36 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 19:36 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:36 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 19:36 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 19:36 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 19:36 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 19:36 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 19:36 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 19:36 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 19:36 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 19:36 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 19:36 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 19:36 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 19:36 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-09 19:36 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 20:24 - 2014-11-14 07:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job
2015-01-05 20:24 - 2014-10-28 17:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 20:02 - 2012-12-27 21:43 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-01-05 19:58 - 2008-12-10 14:59 - 01981973 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 19:52 - 2014-11-14 07:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job
2015-01-05 19:52 - 2014-10-28 17:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 19:50 - 2008-12-19 21:44 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-05 19:49 - 2008-01-20 22:26 - 00214924 _____ () C:\Windows\PFRO.log
2015-01-05 19:49 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 19:49 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 19:49 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 19:48 - 2006-11-02 10:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 19:39 - 2006-11-02 10:07 - 00000000 ____D () C:\Windows\Performance
2015-01-05 11:51 - 2012-01-02 19:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 22:38 - 2011-05-28 20:18 - 00003726 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{42665F92-BF63-4B01-AAEA-076200736FC5}
2014-12-18 22:38 - 2011-05-26 20:51 - 00003706 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4064726-62B2-443C-AB1B-D2F6ACC05261}
2014-12-17 20:57 - 2008-12-20 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-16 19:23 - 2010-06-07 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 21:29 - 2014-10-28 17:14 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-15 21:25 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-12-11 20:36 - 2009-02-04 17:37 - 00002651 _____ () C:\Users\Alexandria\Desktop\Microsoft Office Word 2007.lnk
2014-12-10 22:10 - 2008-12-10 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:09 - 2013-08-16 21:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:03 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Daddy\AppData\Local\Temp\ANPDApi.dll
C:\Users\Daddy\AppData\Local\Temp\eject.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u12-windows-i586-p-iftw.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Daddy\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Daddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll
C:\Users\Kiwi\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 20:02

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Daddy at 2015-01-05 20:40:48
Running from C:\Users\Daddy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deal Info (x32 Version: 2008.1.22.0 - EarthLink, Inc) Hidden
Dell Best of Web (HKLM-x32\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
D-Link DWA-182 (HKLM-x32\...\{508FC6A7-5080-4E8B-A25C-A4962D691E8B}) (Version: - D-Link)
D-Link RangeBooster N DWA-542 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 1.0b19 - D-Link)
EarthLink Common Authentication (x32 Version: 1.0.87.0 - ) Hidden
EarthLink Toolbar (HKLM-x32\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version: - EarthLink, Inc.)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPSSupply (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6765.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Easy Media Creator 9 Suite (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.088 - Roxio, Inc.)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
Skins (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Skype web features (HKLM-x32\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VZAccess Manager (HKLM-x32\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.10.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xingtone Ringtone Maker (HKLM-x32\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
Your Image Alexandria Biggs (HKLM-x32\...\Your Image Alexandria Biggs 1.0.5) (Version: 1.0.5 - Herff Jones Photography)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

==================== Restore Points =========================

24-10-2014 17:25:08 Scheduled Checkpoint
25-10-2014 10:23:25 Scheduled Checkpoint
26-10-2014 11:22:46 Scheduled Checkpoint
27-10-2014 18:04:53 Scheduled Checkpoint
28-10-2014 17:46:33 Scheduled Checkpoint
29-10-2014 19:56:49 Scheduled Checkpoint
11-11-2014 16:15:50 Scheduled Checkpoint
13-11-2014 20:48:14 Windows Update
19-11-2014 20:43:44 Windows Update
22-11-2014 20:58:53 Scheduled Checkpoint
23-11-2014 14:45:20 Scheduled Checkpoint
25-11-2014 15:43:48 Scheduled Checkpoint
03-12-2014 20:32:18 Scheduled Checkpoint
05-12-2014 00:00:01 Scheduled Checkpoint
06-12-2014 00:00:01 Scheduled Checkpoint
07-12-2014 00:00:01 Scheduled Checkpoint
09-12-2014 20:50:11 Scheduled Checkpoint
10-12-2014 21:45:44 Windows Update
16-12-2014 19:18:29 Windows Update
18-12-2014 21:59:01 Scheduled Checkpoint
01-01-2015 23:57:00 Scheduled Checkpoint
03-01-2015 00:00:02 Scheduled Checkpoint
05-01-2015 00:31:34 Scheduled Checkpoint
05-01-2015 13:17:50 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02EB2F37-FD79-49FA-B845-D7ABC87D5177} - System32\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {382E8142-8871-407F-8992-13E8C8046B89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {3A8FDE56-B58C-48CB-8C64-5841DCDE6EBB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiwi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {58B1F29D-65E3-41E7-ADE2-7AF8D6C7623E} - System32\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {A8BD85F8-0C64-4DF2-8D55-CEB1805B5F1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEBBA7E9-4EB8-48D0-A624-F073E60DE288} - System32\Tasks\{D9C16D89-DFB3-4968-9E50-0D7E9D9CA1CB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {EA65C3C5-B7E5-481D-91DE-006BCA013FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00005387651e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00005399b1b09.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
2013-07-20 22:39 - 2010-07-12 13:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-182 revA\ANIWConnService.exe
2009-05-19 22:53 - 2006-08-08 08:18 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2008-02-21 11:55 - 2008-02-21 11:55 - 00846336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2008-12-10 22:27 - 2008-07-24 06:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2006-08-10 10:37 - 2006-08-10 10:37 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2010-07-07 19:52 - 2006-05-07 04:56 - 00073728 _____ () C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-542\WlanDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\Users\Daddy\Desktop\2010-12 (Dec):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Desktop\2011-09 (Sep):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Desktop\2011-12 (Dec):Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\Add-in Express:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\BlackBerry:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\SightSpeed Recordings:Roxio EMC Stream
AlternateDataStreams: C:\Users\Daddy\Documents\Test:Roxio EMC Stream
AlternateDataStreams: C:\Users\Mommy\Documents\Gayle:Roxio EMC Stream
AlternateDataStreams: C:\Users\Mommy\Documents\My Scans:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: E6TaskPanel => "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -winstart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IPInSightLAN 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe"
MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: PMX Daemon => ICO.EXE
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2852057853-1305795303-3146060363-500 - Administrator - Disabled)
Alexandria (S-1-5-21-2852057853-1305795303-3146060363-1003 - Limited - Enabled) => C:\Users\Alexandria
ASPNET (S-1-5-21-2852057853-1305795303-3146060363-1009 - Limited - Enabled)
Daddy (S-1-5-21-2852057853-1305795303-3146060363-1004 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-2852057853-1305795303-3146060363-501 - Limited - Disabled)
Kiwi (S-1-5-21-2852057853-1305795303-3146060363-1010 - Limited - Enabled) => C:\Users\Kiwi
Mommy (S-1-5-21-2852057853-1305795303-3146060363-1007 - Limited - Enabled) => C:\Users\Mommy
Pam (S-1-5-21-2852057853-1305795303-3146060363-1011 - Limited - Enabled) => C:\Users\Pam

==================== Faulty Device Manager Devices =============

Name: isatap.earthlink.net
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.earthlink.net
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 07:52:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/05/2015 08:31:29 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 08:31:29 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 08:09:06 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 08:09:06 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Scanner%%1053

Error: (01/05/2015 08:00:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Scanner

Error: (01/05/2015 08:00:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MCODS{C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:57:12 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)

Error: (01/05/2015 07:54:20 PM) (Source: DCOM) (EventID: 10016) (User: Alexandria-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Alexandria-PCDaddyS-1-5-21-2852057853-1305795303-3146060363-1004LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (11/03/2012 02:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2011 02:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2011 02:00:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-01-05 20:40:42.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:42.313
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:42.095
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:41.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:41.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:41.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:41.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:40.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:13.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-05 20:40:12.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 4093.27 MB
Available physical RAM: 1852.55 MB
Total Pagefile: 8359.79 MB
Available Pagefile: 5549.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.7 GB) (Free:317.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/5/2015
Scan Time: 8:44:49 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.06.01
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Daddy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 572918
Time Elapsed: 26 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-01-06, 05:28
I am attaching a Fixlist file. Download it to your desktop, where you have FRST running from, then open FRST and click on FIX. It will reboot your system and you will find a file named Fixlog on your desktop. Post it please, and also let me know how your system is behaving now.

Bigalo
2015-01-06, 06:07
My computer appears to be running slow. It's taking a while to boot up. There's not much on this computer, as far as I know. The log is as follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Daddy at 2015-01-05 22:40:47 Run:1
Running from C:\Users\Daddy\Desktop
Loaded Profile: Daddy (Available profiles: Alexandria & Daddy & Mommy & Kiwi & Pam)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2852057853-1305795303-3146060363-1004 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL =
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End




*****************

Processes closed successfully.
"HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{65A95FBF-F5AC-44fa-8112-5C493C4DE412} => Key not found.
"HKU\S-1-5-21-2852057853-1305795303-3146060363-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key deleted successfully.
HKCR\CLSID\{65A95FBF-F5AC-44fa-8112-5C493C4DE412} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:57:49 ====

ken545
2015-01-06, 12:59
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Bigalo
2015-01-06, 21:54
I ran the scan. There were no threats found. Since there weren't any threats found, I wasn't able to retrieve a log.

ken545
2015-01-06, 22:06
That's fine. How is your system running in general? Any browser redirects or pop-up windows?

Bigalo
2015-01-06, 22:42
When I try to load pages, it's taking forever, or not loading at all. It states that the address isn't found. This isn't for all searches. As for trying to search certain pages, it will redirect me to a yahoo search page. My search engine is Google by default.

ken545
2015-01-06, 23:48
Let's try setting all your browsers back to default. Let me know if it made a difference.




Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Settings
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped





Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chrome back to defaults





Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state

Bigalo
2015-01-07, 05:13
Looks like we're cooking with grease. It's working a whole lot faster.

ken545
2015-01-07, 14:01
Great :bigthumb:


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.

http://i24.photobucket.com/albums/c30/ken545/DelFix_zps139e2ea1.jpg (http://s24.photobucket.com/user/ken545/media/DelFix_zps139e2ea1.jpg.html)


Windows XP: Double click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark "Remove Disinfection Tools"
Click the Run button


This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



==========================================================




How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=97186)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Bigalo
2015-01-07, 19:11
Completed the steps, but there was an error. I need to know if it presents a problem for my system. The log from the DelFix is as follows:

# DelFix v10.8 - Logfile created 07/01/2015 at 12:09:10
# Updated 29/07/2014 by Xplode
# Username : Daddy - ALEXANDRIA-PC
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Error when deleting (1) : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

########## - EOF - ##########

ken545
2015-01-07, 19:16
Nope, no problem. If aswMBR is still on your desktop, just drag it to the trash.

Bigalo
2015-01-08, 01:46
10-4. Thanks for your assistance!

ken545
2015-01-08, 02:31
You're welcome, my friend

Ken :)

ken545
2015-01-08, 13:49
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.