rootkit on dad's laptop


JustinP526

We ran TDSSKiller again and had it delete, rebooted, scanned again and now it shows no problems. Still getting previously mentioned tasks auto starting at random.

Ran FRST scan as directed; here are the results.

 

Here is FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01

Ran by Charles (administrator) on CHARLES-PC on 22-12-2014 21:57:11
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell) C:\Program Files\Dell\Tech Concierge\srvc.exe
(Dell, Inc.) C:\Program Files\Dell\Tech Concierge Backup\Dell-Backup-Svc.exe
(Dell) C:\Program Files\Dell\Tech Concierge\cust.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Dell) C:\Program Files\Dell\Tech Concierge\capp.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell, Inc.) C:\Program Files\Dell\Tech Concierge Backup\DashUI.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Dell Backup Dashboard] => C:\Program Files\Dell\Tech Concierge Backup\DashUI.exe [3665904 2014-02-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Charles\AppData\Local\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170}\d'x"Ù"\", &h#\. ùû[\{7ba86ce1-d490-3b48-3968-36b34014e170}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update] => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-11] (Google Inc.)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\RunOnce: [Adobe Speed Launcher] => 1419240015
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\RunOnce: [iolo 3rd Party Reboot] => C:\ProgramData\iolo\IRestartStub.exe [3874264 2014-08-12] (iolo technologies, LLC)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\MountPoints2: {48eb152e-e845-11e3-93b2-4ceb42583f1c} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\MountPoints2: {48eb153e-e845-11e3-93b2-4ceb42583f1c} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\MountPoints2: {92e74c5e-d71a-11e3-a17c-4ceb42583f1c} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Winlogon: [shell] C:\Windows\EXPLORER.EXE [2871808 2012-03-16] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\EXPLORER.EXE [2871808 2012-03-16] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 37.235.1.174
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sensiblevision.com/FastAccess,version=4.1.110 -> C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\nprt.dll ( )
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2128885012-2580320901-7308107-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2128885012-2580320901-7308107-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2013-12-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-03-16]
FF HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Charles\AppData\Local\ArcadeCandy\games@acandy.com
Chrome:
=======
CHR Profile: C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]
CHR Extension: (Google Drive) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-11]
CHR Extension: (Adblock Plus) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-11]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-12-21]
CHR Extension: (FastAccess SSO) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\feocblgcojafilfbgoineopkngchgaei [2012-05-11]
CHR Extension: (Skype Click to Call) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-25]
CHR Extension: (Google Wallet) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-11]
CHR HKLM\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx [2013-10-18]
CHR HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Chrome\Extension: [nnfegheljpcijmdgonkecjpcaopjlpac] - C:\Users\Charles\AppData\Local\ArcadeCandy\candyLinkx.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx [2013-10-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software) [File not signed]
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Dell Tech Concierge; C:\Program Files\Dell\Tech Concierge\srvc.exe [107840 2014-02-17] (Dell)
R2 Dell-Backup-Svc; C:\Program Files\Dell\Tech Concierge Backup\Dell-Backup-Svc.exe [6955016 2014-02-10] (Dell, Inc.)
S4 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [602792 2009-07-01] ( )
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-23] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-08-08] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-21] (StdLib)
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 21:57 - 2014-12-22 21:57 - 00025088 _____ () C:\Users\Charles\Desktop\FRST.txt
2014-12-22 21:56 - 2014-12-22 21:57 - 00000000 ____D () C:\FRST
2014-12-22 21:54 - 2014-12-22 21:54 - 02122240 _____ (Farbar) C:\Users\Charles\Desktop\FRST64.exe
2014-12-22 20:02 - 2014-12-22 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-22 00:43 - 2014-12-22 00:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-21 23:56 - 2014-12-21 23:56 - 00001426 _____ () C:\MBAM.txt
2014-12-21 23:11 - 2014-12-21 23:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 23:11 - 2014-12-21 23:11 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 23:09 - 2014-12-21 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 23:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 23:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 23:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 21:40 - 2014-12-21 21:40 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Charles\Desktop\tdsskiller.exe
2014-12-21 17:55 - 2014-12-21 17:55 - 00125220 _____ () C:\Users\Charles\Documents\BSOD.txt
2014-12-21 17:52 - 2014-12-21 17:52 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-12-21 17:52 - 2014-12-21 17:52 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-12-21 12:15 - 2014-12-21 12:15 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\ZinioReader4
2014-12-21 11:25 - 2014-12-21 11:25 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-21 11:22 - 2014-12-21 11:23 - 14339216 _____ (WinZip ) C:\Users\Charles\Downloads\wzsus18.exe
2014-12-21 11:08 - 2014-12-21 11:08 - 00000000 ____D () C:\iolo
2014-12-21 11:00 - 2014-12-21 11:00 - 00000000 ____D () C:\Users\Charles\AppData\Local\{9581FE4A-EC9F-4EC7-A34D-446CAF538495}
2014-12-17 13:05 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:05 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 02:35 - 2014-12-13 02:36 - 00266288 _____ () C:\Windows\Minidump\121314-31262-01.dmp
2014-12-12 20:16 - 2014-12-12 20:16 - 00822769 _____ () C:\ProgramData\SPLBEAF.tmp
2014-12-10 20:02 - 2014-12-10 20:02 - 00822769 _____ () C:\ProgramData\SPL7167.tmp
2014-12-10 19:58 - 2014-12-10 19:58 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:13 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 15:13 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:17 - 2014-12-10 03:17 - 00822769 _____ () C:\ProgramData\SPLEF8C.tmp
2014-12-09 14:01 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 14:01 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 14:01 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 14:00 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 14:00 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 14:00 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:00 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:00 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 14:00 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:00 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 14:00 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:00 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 14:00 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 14:00 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:00 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 14:00 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:00 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 14:00 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:00 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 14:00 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 14:00 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 14:00 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:00 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 14:00 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 14:00 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 14:00 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:00 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 14:00 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 14:00 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 14:00 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:00 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 14:00 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 14:00 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 14:00 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 14:00 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 14:00 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 14:00 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:00 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 14:00 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 14:00 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:00 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 14:00 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:00 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 14:00 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 14:00 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 14:00 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 14:00 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 14:00 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:00 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 14:00 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 14:00 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 14:00 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:00 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 14:00 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 14:00 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 14:00 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 14:00 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 14:00 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 14:00 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 14:00 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 13:59 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 13:59 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 13:59 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 13:59 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 13:59 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 13:58 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 13:58 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:58 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 13:58 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 13:58 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 13:58 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 13:58 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 13:58 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 13:58 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 03:17 - 2014-12-08 03:17 - 00822769 _____ () C:\ProgramData\SPL452A.tmp
2014-12-05 03:18 - 2014-12-05 03:18 - 00822769 _____ () C:\ProgramData\SPLF3D0.tmp
2014-12-03 19:52 - 2014-12-03 19:52 - 00000000 ____D () C:\Users\Charles\AppData\Local\{F1EF4EB7-D7FA-47AD-86B3-E1FD213B1793}
2014-12-03 17:19 - 2014-12-03 17:19 - 00822769 _____ () C:\ProgramData\SPL1BBA.tmp
2014-12-03 06:56 - 2014-12-03 06:56 - 00822769 _____ () C:\ProgramData\SPLF24A.tmp
2014-12-03 03:16 - 2014-12-03 03:16 - 00822769 _____ () C:\ProgramData\SPL976E.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 21:50 - 2014-02-13 11:15 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000UA1cf28df3a087d3c.job
2014-12-22 21:35 - 2012-04-24 16:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 20:45 - 2012-07-20 15:20 - 00000278 _____ () C:\Windows\Tasks\CandyUpdater.job
2014-12-22 18:36 - 2009-07-13 23:13 - 00782280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 18:18 - 2014-08-08 20:22 - 01328914 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 18:01 - 2013-05-21 11:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-22 17:50 - 2014-11-12 17:45 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core1cffed2b103a805.job
2014-12-22 17:50 - 2012-04-11 19:36 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core.job
2014-12-22 05:03 - 2014-05-19 12:06 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-12-22 00:53 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 00:53 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 00:46 - 2012-04-26 19:16 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-12-22 00:46 - 2012-04-25 16:02 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-12-22 00:46 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 00:45 - 2014-10-18 09:11 - 00000000 ____D () C:\ProgramData\iolo
2014-12-22 00:45 - 2014-08-08 20:18 - 00057496 _____ () C:\Windows\PFRO.log
2014-12-22 00:45 - 2014-08-08 18:30 - 00004286 _____ () C:\Windows\setupact.log
2014-12-22 00:29 - 2012-06-19 20:16 - 00000000 ____D () C:\Users\Charles\AppData\Local\Facebook
2014-12-22 00:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-22 00:12 - 2012-08-02 17:32 - 00000000 ____D () C:\Program Files (x86)\Ascentive
2014-12-22 00:07 - 2014-11-09 15:11 - 00000000 ____D () C:\Users\Charles\AppData\Local\Unity
2014-12-21 13:50 - 2012-03-16 21:42 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-21 12:16 - 2012-03-16 20:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-21 00:34 - 2012-04-26 19:16 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-12-21 00:25 - 2012-04-26 19:16 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-12-20 20:29 - 2014-05-19 12:05 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-12-20 20:27 - 2014-05-19 12:06 - 00000000 ____D () C:\Program Files\Image-Line
2014-12-20 20:27 - 2014-05-19 11:29 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-12-19 04:11 - 2012-09-13 02:01 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Skype
2014-12-18 20:58 - 2014-11-16 21:37 - 00000000 ____D () C:\ProgramData\Norton
2014-12-18 03:16 - 2013-03-13 02:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-18 03:16 - 2013-03-13 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-16 18:24 - 2013-03-13 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 01:48 - 2013-04-25 09:43 - 00000000 ____D () C:\Firefox
2014-12-14 01:33 - 2012-04-29 16:36 - 00000000 ____D () C:\ProgramData\Dl_cats
2014-12-13 08:53 - 2012-04-11 14:14 - 00000000 ____D () C:\Users\Charles
2014-12-13 03:14 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 02:35 - 2014-08-14 16:20 - 412543959 _____ () C:\Windows\MEMORY.DMP
2014-12-13 02:35 - 2014-05-12 01:13 - 00000000 ____D () C:\Windows\Minidump
2014-12-13 02:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-12-12 03:52 - 2012-05-27 11:55 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-12 03:52 - 2012-03-16 20:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 19:58 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 19:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 19:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:28 - 2012-04-15 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:25 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:17 - 2012-10-14 07:53 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 08:51 - 2012-04-11 19:36 - 00002376 _____ () C:\Users\Charles\Desktop\Google Chrome.lnk
2014-12-10 06:35 - 2012-04-24 16:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 06:35 - 2012-04-24 16:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 06:35 - 2012-03-16 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 03:16 - 2009-07-13 23:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-05 03:18 - 2014-03-16 12:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-26 13:15 - 2014-08-28 08:15 - 00000000 ____D () C:\Program Files (x86)\Graboid
ZeroAccess:
C:\Users\Charles\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
Files to move or delete:
====================
C:\ProgramData\dtc-Setup-64bit-V2545.exe
Some content of TEMP:
====================
C:\Users\Charles\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Charles\AppData\Local\Temp\{0247138F-7398-47EC-85D6-18D30C9632EE}.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2014-12-21 01:00
==================== End Of Log ============================

 

And here is Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01

Ran by Charles at 2014-12-22 21:58:27
Running from C:\Users\Charles\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.10 - Absolute Software)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Tech Concierge (HKLM\...\Dell Tech Concierge_is1) (Version: 2.004.032.2548.01 - Dell)
Dell Tech Concierge Backup (64-bit) (HKLM\...\{DC9F2C49-0B8F-46C1-97AB-BF82F140ACF3}) (Version: 5.1.14100.810 - Dell, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Face Recognition (HKLM\...\{9EBC07E3-0BE4-4256-A06C-CEB998399705}) (Version: 4.1.163.1 - Sensible Vision)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.1

There are 2 serious infections I can see on the machine with one being a backdoor infection.

 

WARNING!

Looking at your system now, one or more of the identified infections is a backdoor Trojan. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

 

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

* From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

 

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all clear.

 

 

~~~~~~~~~~~~~~~

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)

 

start

CloseProcesses:

HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Charles\AppData\Local\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170}\d'x"Ù"\", &h#\. ùû[\{7ba86ce1-d490-3b48-3968-36b34014e170}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)

HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Winlogon: [shell] C:\Windows\EXPLORER.EXE [2871808 2012-03-16] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!

HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\EXPLORER.EXE [2871808 2012-03-16] (Microsoft Corporation) <==== ATTENTION

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> URL http://search.conduit.com/Results.aspx?ctid=CT3317820&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPE5E54435-35AC-43D4-B7A4-12027F334327&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> {36EECA31-F699-4234-846E-6D2B2B994C85} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=2FC2A335-1D16-4093-86E2-26E345241382&apn_sauid=1D384D09-FD13-4D35-9E62-6FE3C1EBD2D0

SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL =

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

CHR HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Chrome\Extension: [nnfegheljpcijmdgonkecjpcaopjlpac] - C:\Users\Charles\AppData\Local\ArcadeCandy\candyLinkx.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

2014-11-26 13:15 - 2014-08-28 08:15 - 00000000 ____D () C:\Program Files (x86)\Graboid

ZeroAccess:

C:\Users\Charles\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\ProgramData\dtc-Setup-64bit-V2545.exe

C:\Users\Charles\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Charles\AppData\Local\Temp\{0247138F-7398-47EC-85D6-18D30C9632EE}.exe

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

Task: {4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {49FCA4C6-6230-4488-B879-A0499B7F3F68} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {D8234388-9876-4FB6-97D1-5650211577E5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

EmptyTemp:

Hosts:

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Rootkit

  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder: one called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

Still waiting on the FRST64 fix to finish running.. been going at least 16+ hours now and it's still showing that it's removing temp files. Hope it wasn't a bad thing to bring up task manager and performance monitor while FRST is running. The performance monitor is showing the HDD at either 100KB/sec or 1MB/sec throughput, that's awfully low for a SATA 3.0 drive isn't it?

 

There is a fixlog.txt file on the desktop though, FRST does not seem to be finished running yet. Task manager shows it still running at 25% CPU.

 

I'll get that posted as soon as it's finished I guess, unless you think there's something wrong.

 

Thanks very much for the help so far!

Merry Christmas!!


Couldn't get it to close FRST64, but it did run Malwarebytes Anti-Rootkit just fine. Not seeing those tasks showing up in task manager any longer and it's now showing much less CPU and memory use. I'll try to run a Pit test and see how that goes. Here's the fixlog.txt and MBAR system-log.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01

Ran by Charles at 2014-12-24 01:15:35 Run:1
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Charles\AppData\Local\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170}\d'x"Ù"\", &h#\. ùû[\{7ba86ce1-d490-3b48-3968-36b34014e170}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Winlogon: [shell] C:\Windows\EXPLORER.EXE [2871808 2012-03-16] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\EXPLORER.EXE [2871808 2012-03-16] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> {36EECA31-F699-4234-846E-6D2B2B994C85} URL = http://websearch.ask...62-6FE3C1EBD2D0
SearchScopes: HKU\S-1-5-21-2128885012-2580320901-7308107-1000 -> {FED01769-8167-4230-9A04-D5BD0D514ECA} URL =
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CHR HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Chrome\Extension: [nnfegheljpcijmdgonkecjpcaopjlpac] - C:\Users\Charles\AppData\Local\ArcadeCandy\candyLinkx.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
2014-11-26 13:15 - 2014-08-28 08:15 - 00000000 ____D () C:\Program Files (x86)\Graboid
ZeroAccess:
C:\Users\Charles\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\ProgramData\dtc-Setup-64bit-V2545.exe
C:\Users\Charles\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Charles\AppData\Local\Temp\{0247138F-7398-47EC-85D6-18D30C9632EE}.exe
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
ask: {4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {49FCA4C6-6230-4488-B879-A0499B7F3F68} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D8234388-9876-4FB6-97D1-5650211577E5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End
*****************
Processes closed successfully.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => Value could not be deleted. Error in Deleting Value: C0000034
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FED01769-8167-4230-9A04-D5BD0D514ECA}" => Key deleted successfully.
HKCR\CLSID\{FED01769-8167-4230-9A04-D5BD0D514ECA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FED01769-8167-4230-9A04-D5BD0D514ECA}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FED01769-8167-4230-9A04-D5BD0D514ECA} => Key not found.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36EECA31-F699-4234-846E-6D2B2B994C85}" => Key deleted successfully.
HKCR\CLSID\{36EECA31-F699-4234-846E-6D2B2B994C85} => Key not found.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FED01769-8167-4230-9A04-D5BD0D514ECA}" => Key deleted successfully.
HKCR\CLSID\{FED01769-8167-4230-9A04-D5BD0D514ECA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Google\Chrome\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
C:\Program Files (x86)\Graboid => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Users\Charles\AppData\Local\Google\Desktop\Install => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\ProgramData\dtc-Setup-64bit-V2545.exe => Moved successfully.
C:\Users\Charles\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Charles\AppData\Local\Temp\{0247138F-7398-47EC-85D6-18D30C9632EE}.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
ask: {4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49FCA4C6-6230-4488-B879-A0499B7F3F68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49FCA4C6-6230-4488-B879-A0499B7F3F68}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8234388-9876-4FB6-97D1-5650211577E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8234388-9876-4FB6-97D1-5650211577E5}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.491000 GHz
Memory total: 8478961664, free: 2972585984
Downloaded database version: v2014.12.25.01
Downloaded database version: v2014.12.23.02
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
12/24/2014 19:11:31
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800967f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80079bb050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800967f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800967fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800967f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80079bb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F2837E
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 208782
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 212992 Numsec = 40960000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 41172992 Numsec = 1912350128
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Infected: HKU\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ --> [Trojan.Zaccess]
Infected: c:\program files (x86)\google\desktop\install\{7ba86ce1-d490-3b48-3968-36b34014e170}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{7ba86ce1-d490-3b48-3968-36b34014e170}\ \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{7ba86ce1-d490-3b48-3968-36b34014e170}\ \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{7ba86ce1-d490-3b48-3968-36b34014e170}\ \...\‮ﯹ๛\{7ba86ce1-d490-3b48-3968-36b34014e170} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{7ba86ce1-d490-3b48-3968-36b34014e170}\ \...\‮ﯹ๛\{7ba86ce1-d490-3b48-3968-36b34014e170}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{7ba86ce1-d490-3b48-3968-36b34014e170}\ \...\‮ﯹ๛\{7ba86ce1-d490-3b48-3968-36b34014e170}\u --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Looks like it worked.

 

I'd like to see a new FRST log since we've run these tools.

It should still be on desktop.

  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     

     

~~~~~~~~~~~~~

    Please download Powelikscleaner (by ESET) and save it to your Desktop.

    • When the download is complete, navigate to your Desktop and double-click ESETPoweliksCleaner.exe to start the tool.
    • Read the terms of the End-user license agreement and click Agree if you agree to them.
    • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
    • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
    • The tool will produce a log in the same directory the tool was run from.
    • Please copy and paste the log in your next reply.

Please post these logs when finished. Also, glad to hear the machine is running better.

 

Since tomorrow is Christmas I can't say what time I might be back to see the logs.

Merry Christmas.


Mom and dad both said they can't believe how much faster it's running already. Definitely looks much better! Now I just need to pull the keyboard off to clean it up a bit and put some of the keys back on... my 2 y/o nephew popped some off with a pen. Young children are so mischievous!

 

Here's from re-scan of FRST:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01

Ran by Charles (administrator) on CHARLES-PC on 25-12-2014 22:35:03
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell) C:\Program Files\Dell\Tech Concierge\srvc.exe
(Dell, Inc.) C:\Program Files\Dell\Tech Concierge Backup\Dell-Backup-Svc.exe
(Dell) C:\Program Files\Dell\Tech Concierge\cust.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell) C:\Program Files\Dell\Tech Concierge\capp.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell, Inc.) C:\Program Files\Dell\Tech Concierge Backup\DashUI.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Dell Backup Dashboard] => C:\Program Files\Dell\Tech Concierge Backup\DashUI.exe [3665904 2014-02-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Charles\AppData\Local\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170}\d'x"Ù"\", &h#\. ùû[\{7ba86ce1-d490-3b48-3968-36b34014e170}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update] => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-11] (Google Inc.)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\RunOnce: [iolo 3rd Party Reboot] => C:\ProgramData\iolo\IRestartStub.exe [3874264 2014-08-12] (iolo technologies, LLC)
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\MountPoints2: {48eb152e-e845-11e3-93b2-4ceb42583f1c} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\MountPoints2: {48eb153e-e845-11e3-93b2-4ceb42583f1c} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\MountPoints2: {92e74c5e-d71a-11e3-a17c-4ceb42583f1c} - E:\VZW_Software_upgrade_assistant.exe
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 37.235.1.174
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sensiblevision.com/FastAccess,version=4.1.110 -> C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\nprt.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2128885012-2580320901-7308107-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2128885012-2580320901-7308107-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2013-12-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-03-16]
FF HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Charles\AppData\Local\ArcadeCandy\games@acandy.com
Chrome:
=======
CHR Profile: C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]
CHR Extension: (Google Drive) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-11]
CHR Extension: (Adblock Plus) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-21]
CHR Extension: (Google Search) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-11]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-12-21]
CHR Extension: (FastAccess SSO) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\feocblgcojafilfbgoineopkngchgaei [2012-05-11]
CHR Extension: (Skype Click to Call) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-25]
CHR Extension: (Google Wallet) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-11]
CHR HKLM\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx [2013-10-18]
CHR HKLM-x32\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx [2013-10-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Charles\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software) [File not signed]
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Dell Tech Concierge; C:\Program Files\Dell\Tech Concierge\srvc.exe [107840 2014-02-17] (Dell)
R2 Dell-Backup-Svc; C:\Program Files\Dell\Tech Concierge Backup\Dell-Backup-Svc.exe [6955016 2014-02-10] (Dell, Inc.)
S4 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [602792 2009-07-01] ( )
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-12-24] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [135384 2014-12-24] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-08-08] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-21] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-25 20:02 - 2014-12-25 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-24 19:40 - 2014-12-24 19:40 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 19:11 - 2014-12-24 19:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-24 19:07 - 2014-12-24 19:07 - 00000000 ____D () C:\Users\Charles\Desktop\mbar
2014-12-24 18:20 - 2014-12-24 18:20 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Charles\Desktop\mbar-1.08.2.1001.exe
2014-12-24 01:13 - 2014-12-24 01:13 - 00005320 _____ () C:\Users\Charles\Desktop\fixlist.txt
2014-12-22 23:26 - 2014-12-24 19:56 - 00007598 _____ () C:\Users\Charles\AppData\Local\Resmon.ResmonCfg
2014-12-22 21:58 - 2014-12-22 21:59 - 00047153 _____ () C:\Users\Charles\Desktop\Addition.txt
2014-12-22 21:57 - 2014-12-25 22:35 - 00021228 _____ () C:\Users\Charles\Desktop\FRST.txt
2014-12-22 21:56 - 2014-12-25 22:35 - 00000000 ____D () C:\FRST
2014-12-22 21:54 - 2014-12-22 21:54 - 02122240 _____ (Farbar) C:\Users\Charles\Desktop\FRST64.exe
2014-12-22 00:43 - 2014-12-22 00:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-21 23:56 - 2014-12-21 23:56 - 00001426 _____ () C:\MBAM.txt
2014-12-21 23:11 - 2014-12-24 19:11 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 23:11 - 2014-12-21 23:11 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 23:09 - 2014-12-24 19:07 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 23:09 - 2014-12-21 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 23:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 23:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 21:40 - 2014-12-21 21:40 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Charles\Desktop\tdsskiller.exe
2014-12-21 17:55 - 2014-12-21 17:55 - 00125220 _____ () C:\Users\Charles\Documents\BSOD.txt
2014-12-21 17:52 - 2014-12-23 16:42 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-12-21 12:15 - 2014-12-21 12:15 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\ZinioReader4
2014-12-21 11:25 - 2014-12-21 11:25 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-21 11:22 - 2014-12-21 11:23 - 14339216 _____ (WinZip ) C:\Users\Charles\Downloads\wzsus18.exe
2014-12-21 11:00 - 2014-12-21 11:00 - 00000000 ____D () C:\Users\Charles\AppData\Local\{9581FE4A-EC9F-4EC7-A34D-446CAF538495}
2014-12-17 13:05 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:05 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 02:35 - 2014-12-13 02:36 - 00266288 _____ () C:\Windows\Minidump\121314-31262-01.dmp
2014-12-12 20:16 - 2014-12-12 20:16 - 00822769 _____ () C:\ProgramData\SPLBEAF.tmp
2014-12-10 20:02 - 2014-12-10 20:02 - 00822769 _____ () C:\ProgramData\SPL7167.tmp
2014-12-10 19:58 - 2014-12-10 19:58 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:13 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 15:13 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:17 - 2014-12-10 03:17 - 00822769 _____ () C:\ProgramData\SPLEF8C.tmp
2014-12-09 14:01 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 14:01 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 14:01 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 14:01 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 14:00 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 14:00 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 14:00 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:00 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:00 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 14:00 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:00 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 14:00 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:00 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 14:00 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 14:00 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:00 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 14:00 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:00 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 14:00 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:00 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 14:00 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 14:00 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 14:00 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:00 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 14:00 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 14:00 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 14:00 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:00 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 14:00 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 14:00 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 14:00 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:00 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 14:00 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 14:00 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 14:00 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 14:00 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 14:00 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 14:00 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:00 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 14:00 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 14:00 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:00 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 14:00 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:00 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 14:00 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 14:00 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 14:00 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 14:00 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 14:00 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:00 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 14:00 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 14:00 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 14:00 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:00 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 14:00 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 14:00 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 14:00 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 14:00 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 14:00 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 14:00 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 14:00 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 13:59 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 13:59 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 13:59 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 13:59 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 13:59 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 13:58 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 13:58 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:58 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 13:58 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 13:58 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 13:58 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 13:58 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 13:58 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 13:58 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 03:17 - 2014-12-08 03:17 - 00822769 _____ () C:\ProgramData\SPL452A.tmp
2014-12-05 03:18 - 2014-12-05 03:18 - 00822769 _____ () C:\ProgramData\SPLF3D0.tmp
2014-12-03 19:52 - 2014-12-03 19:52 - 00000000 ____D () C:\Users\Charles\AppData\Local\{F1EF4EB7-D7FA-47AD-86B3-E1FD213B1793}
2014-12-03 17:19 - 2014-12-03 17:19 - 00822769 _____ () C:\ProgramData\SPL1BBA.tmp
2014-12-03 06:56 - 2014-12-03 06:56 - 00822769 _____ () C:\ProgramData\SPLF24A.tmp
2014-12-03 03:16 - 2014-12-03 03:16 - 00822769 _____ () C:\ProgramData\SPL976E.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-25 22:35 - 2012-04-24 16:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-25 21:50 - 2014-02-13 11:15 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000UA1cf28df3a087d3c.job
2014-12-25 20:45 - 2012-07-20 15:20 - 00000278 _____ () C:\Windows\Tasks\CandyUpdater.job
2014-12-25 18:14 - 2014-08-08 20:22 - 01381728 _____ () C:\Windows\WindowsUpdate.log
2014-12-25 17:50 - 2014-11-12 17:45 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core1cffed2b103a805.job
2014-12-25 17:50 - 2012-04-11 19:36 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core.job
2014-12-25 15:02 - 2013-05-21 11:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-24 19:33 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 19:33 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 19:29 - 2012-04-11 14:14 - 00000000 ____D () C:\Users\Charles
2014-12-24 19:26 - 2014-08-08 18:30 - 00004342 _____ () C:\Windows\setupact.log
2014-12-24 19:26 - 2014-05-12 01:13 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 19:26 - 2014-03-16 12:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-24 19:26 - 2012-04-26 19:16 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-12-24 19:26 - 2012-04-26 19:16 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-12-24 19:26 - 2012-04-26 19:16 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-12-24 19:26 - 2012-04-25 16:02 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-12-24 19:26 - 2012-03-16 22:12 - 00320507 ____N () C:\Windows\Minidump\122414-29390-01.dmp
2014-12-24 19:26 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 19:24 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-24 19:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-12-24 01:15 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-23 16:38 - 2012-03-16 20:59 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-23 16:38 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 16:36 - 2012-06-02 14:59 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\WildTangent
2014-12-22 18:36 - 2009-07-13 23:13 - 00782280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 05:03 - 2014-05-19 12:06 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-12-22 00:46 - 2012-03-16 21:42 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-22 00:45 - 2014-10-18 09:11 - 00000000 ____D () C:\ProgramData\iolo
2014-12-22 00:45 - 2014-08-08 20:18 - 00057496 _____ () C:\Windows\PFRO.log
2014-12-22 00:29 - 2012-06-19 20:16 - 00000000 ____D () C:\Users\Charles\AppData\Local\Facebook
2014-12-22 00:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-22 00:12 - 2012-08-02 17:32 - 00000000 ____D () C:\Program Files (x86)\Ascentive
2014-12-22 00:07 - 2014-11-09 15:11 - 00000000 ____D () C:\Users\Charles\AppData\Local\Unity
2014-12-21 12:16 - 2012-03-16 20:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-20 20:29 - 2014-05-19 12:05 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-12-20 20:27 - 2014-05-19 12:06 - 00000000 ____D () C:\Program Files\Image-Line
2014-12-20 20:27 - 2014-05-19 11:29 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-12-19 04:11 - 2012-09-13 02:01 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Skype
2014-12-18 20:58 - 2014-11-16 21:37 - 00000000 ____D () C:\ProgramData\Norton
2014-12-18 03:16 - 2013-03-13 02:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-18 03:16 - 2013-03-13 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-16 18:24 - 2013-03-13 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 01:48 - 2013-04-25 09:43 - 00000000 ____D () C:\Firefox
2014-12-14 01:33 - 2012-04-29 16:36 - 00000000 ____D () C:\ProgramData\Dl_cats
2014-12-13 03:14 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 02:35 - 2014-08-14 16:20 - 412543959 _____ () C:\Windows\MEMORY.DMP
2014-12-12 03:52 - 2012-05-27 11:55 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-12 03:52 - 2012-03-16 20:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 19:58 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 19:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 19:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:28 - 2012-04-15 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:25 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:17 - 2012-10-14 07:53 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 08:51 - 2012-04-11 19:36 - 00002376 _____ () C:\Users\Charles\Desktop\Google Chrome.lnk
2014-12-10 06:35 - 2012-04-24 16:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 06:35 - 2012-04-24 16:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 06:35 - 2012-03-16 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 03:16 - 2009-07-13 23:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 05:49
==================== End Of Log ============================

EDIT: Addition.txt did not fully display, added it in a new response.

Edited by JustinP526

Looks like some of that last response was cut off. Here's the Addition.txt again:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01

Ran by Charles at 2014-12-25 22:35:51
Running from C:\Users\Charles\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.10 - Absolute Software)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Tech Concierge (HKLM\...\Dell Tech Concierge_is1) (Version: 2.004.032.2548.01 - Dell)
Dell Tech Concierge Backup (64-bit) (HKLM\...\{DC9F2C49-0B8F-46C1-97AB-BF82F140ACF3}) (Version: 5.1.14100.810 - Dell, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Face Recognition (HKLM\...\{9EBC07E3-0BE4-4256-A06C-CEB998399705}) (Version: 4.1.163.1 - Sensible Vision)
Google Chrome (HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.54.95 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2128885012-2580320901-7308107-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
23-12-2014 16:38:58 Removed Zinio Reader 4
24-12-2014 19:58:08 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2014-12-24 01:17 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0790A7F5-D56B-4096-BB76-34311A9D114B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0B32E000-6A04-4068-9639-4E0A21298814} - System32\Tasks\{ED1EFBB7-D1C3-4295-BD1F-8F83CA1A17BF} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2012-03-08] (Microsoft Corporation)
Task: {17D608C2-2E99-456D-B37D-D6DEC7261279} - System32\Tasks\{F4F6D5CB-E7E1-47B0-9385-D19572FFB177} => D:\FL 10.0.2\FLSetup.exe
Task: {1A8BC0AC-8465-4F42-84C2-0F7B868CFB2E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {232BCFF7-09F3-4DD3-AFA8-72760189FF23} - System32\Tasks\{ED24E494-105F-4651-81C4-8E9FBCA43D8C} => D:\FL 10.0.2\FLSetup.exe
Task: {2CFACECE-134D-4297-A34F-7E034B49D5A0} - System32\Tasks\{197CA0CD-66A6-4259-A114-E556DF02E356} => D:\FL 10.0.2\FLSetup.exe
Task: {2EFF9033-E7EB-4296-9167-DD7AD9217CD3} - System32\Tasks\{4DBED254-C530-48C2-B418-A90B9FD4E86C} => D:\FL 10.0.2\FLSetup.exe
Task: {310A69DB-C40E-413A-90BA-FE16CB78B3A4} - System32\Tasks\{E6ADC588-8ED7-446B-94A1-DF0B92FF19BF} => D:\FL 10.0.2\FLSetup.exe
Task: {4164CF37-4EE7-43E8-B2AD-01C38A0D352C} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4A98079F-BDA0-4A1C-B800-382A1829243B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core1cffed2b103a805 => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)
Task: {4ACA6EF0-56A9-436E-894A-B730854094F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)
Task: {4AE0FA4B-D643-4905-9C0E-0343A6D0C1C1} - System32\Tasks\{6BE272FF-2F25-482A-82FD-87DD1186B876} => D:\FL 10.0.2\FLSetup.exe
Task: {52F48D59-EC6D-444A-BC9A-D4407BEA252F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {541D4C76-BFDE-40A2-9BA7-2911E45F379B} - System32\Tasks\{FD7DF590-BDF6-4FB3-AC97-001B055A5051} => D:\FL 10.0.2\FLSetup.exe
Task: {5BDF28E8-BA96-44D6-B3CC-48F4F5668158} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {661653DC-0ECB-4D96-9E4A-406BB907AE9E} - System32\Tasks\{C9A8D375-9DDA-421A-A03F-35C7F07EDDAB} => D:\FL 10.0.2\FLSetup.exe
Task: {6A00AEE4-ACDB-4669-97A1-41C06C4FE958} - System32\Tasks\{9A3B7699-5D9A-49DE-9222-2EBE272BB0F2} => D:\FL 10.0.2\FLSetup.exe
Task: {6B6C10E3-B5E4-44B6-8A42-E1EA64B3454D} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {6DBEEA4C-95CB-4662-ACA2-5AB6A431A656} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {73C116E1-61B7-439B-B446-640C26B26DAC} - System32\Tasks\{37084D6F-CEC3-44E8-8DAC-A4E0B7269790} => D:\FL 10.0.2\FLSetup.exe
Task: {8484D132-6243-4F19-A86A-D0A2AC85395C} - System32\Tasks\{8EEA3CB9-E849-459E-AFEE-F01092ECEA26} => D:\FL 10.0.2\FLSetup.exe
Task: {8FAFE81A-1438-490F-A6DA-82CC28379077} - System32\Tasks\{1974C5DD-D082-4027-A6F6-AB641EDF60A7} => D:\FL 10.0.2\FLSetup.exe
Task: {93CA8DD7-1C6D-405E-9235-AA4CDA7F868F} - System32\Tasks\{59C6926F-D449-4F4A-A3BD-6C53BF4539C6} => D:\FL 10.0.2\FLSetup.exe
Task: {9B3036ED-1B07-48F9-8A7F-068151442C34} - System32\Tasks\{CDB11968-27C6-46F3-8B3A-A3F78FFFA887} => D:\FL 10.0.2\FLSetup.exe
Task: {9CDA0997-D70D-4F98-BE8B-272E0781816B} - System32\Tasks\{D81423CA-D21D-47CA-B87C-25DC06178DBB} => D:\FL 10.0.2\FLSetup.exe
Task: {A6635176-1C6C-40AA-88FE-8E1A8C1D0021} - System32\Tasks\{153509FA-AC62-4244-A1C4-323B9F27E63C} => D:\FL 10.0.2\FLSetup.exe
Task: {B2085042-3096-4FDA-840A-CC56C5422E50} - System32\Tasks\{9AE3DD23-647E-402B-A84B-5A0DF289AF8F} => D:\FL 10.0.2\FLSetup.exe
Task: {B4F91D68-FDBB-4035-80AF-DE46584ABBC1} - System32\Tasks\CandyUpdater => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe
Task: {BF39DC7B-EF59-4227-B01B-B2EFF31FBF5A} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {C3896709-39B6-4A2A-A0AC-02DF004C6AFB} - System32\Tasks\{16E4047A-5760-401B-923A-CC6A51208686} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2012-03-08] (Microsoft Corporation)
Task: {CA8E8FBC-109C-4770-9D59-2E331633F226} - System32\Tasks\{C33B2A05-3092-472B-A219-1D29572937AB} => D:\FL 10.0.2\FLSetup.exe
Task: {D26AADF5-6D80-420E-9DB1-B397E55D2EB8} - System32\Tasks\{371697B0-955D-4276-845B-301A894D99E5} => D:\FL 10.0.2\FLSetup.exe
Task: {E3545D5E-E721-4A6B-A7A0-B9E74DEA5D7C} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {EBD5365D-564C-4AA6-AB98-D4D04FE418BF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {EC401A85-1A5C-4BDC-AB81-F2B10D4032D3} - System32\Tasks\{1260B38A-C74E-4AE2-8479-10EB05F57523} => D:\FL 10.0.2\FLSetup.exe
Task: {EF2C11A6-877F-4059-8F68-AC615EB6EF4F} - System32\Tasks\{DBC5039D-62C3-4C04-9BAE-599545828649} => D:\FL 10.0.2\FLSetup.exe
Task: {F93A2BAB-6ED0-4A40-9B84-5BA130B7F8C6} - System32\Tasks\{051C051C-478A-4736-B49F-3BED60AF0014} => D:\FL 10.0.2\FLSetup.exe
Task: {FF9F8FA9-ACE3-486F-995A-ED90BB555339} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000UA1cf28df3a087d3c => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe
Task: C:\Windows\Tasks\Driver Booster Scan.job => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (Charles).job => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core.job => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000Core1cffed2b103a805.job => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128885012-2580320901-7308107-1000UA1cf28df3a087d3c.job => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (whitelisted) =============
2011-11-01 11:58 - 2011-11-01 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-02-14 12:45 - 2011-02-14 12:45 - 02869760 _____ () C:\Program Files\Dell\Tech Concierge Backup\QtCore4.dll
2011-02-14 12:45 - 2011-02-14 12:45 - 01277440 _____ () C:\Program Files\Dell\Tech Concierge Backup\QtNetwork4.dll
2011-02-14 12:45 - 2011-02-14 12:45 - 00840704 _____ () C:\Program Files\Dell\Tech Concierge Backup\QtSql4.dll
2009-11-14 20:21 - 2009-11-14 20:21 - 01800704 _____ () C:\Program Files\Dell\Tech Concierge Backup\LIBEAY32.dll
2009-11-14 20:22 - 2009-11-14 20:22 - 00284160 _____ () C:\Program Files\Dell\Tech Concierge Backup\SSLEAY32.dll
2009-11-14 20:14 - 2009-11-14 20:14 - 00076288 _____ () C:\Program Files\Dell\Tech Concierge Backup\ZLIB1.dll
2014-03-04 08:00 - 2014-02-17 18:11 - 00109896 _____ () C:\Program Files\Dell\Tech Concierge\websockets.dll
2013-08-09 16:57 - 2014-02-17 18:09 - 00925056 _____ () C:\Program Files\Dell\Tech Concierge\sqlite3.dll
2009-11-14 20:22 - 2009-11-14 20:22 - 00284160 _____ () C:\Program Files\Dell\Tech Concierge Backup\ssleay32.dll
2009-11-14 20:21 - 2009-11-14 20:21 - 01800704 _____ () C:\Program Files\Dell\Tech Concierge Backup\libeay32.dll
2011-11-01 11:58 - 2011-11-01 11:58 - 00149504 _____ () C:\Program Files\Intel\WiFi\bin\ZLIB1.dll
2011-11-01 11:58 - 2011-11-01 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-14 12:45 - 2011-02-14 12:45 - 10445312 _____ () C:\Program Files\Dell\Tech Concierge Backup\QtGui4.dll
2011-02-14 12:45 - 2011-02-14 12:45 - 14713856 _____ () C:\Program Files\Dell\Tech Concierge Backup\QtWebKit4.dll
2011-02-14 12:45 - 2011-02-14 12:45 - 00339456 _____ () C:\Program Files\Dell\Tech Concierge Backup\phonon4.dll
2011-08-26 11:24 - 2011-08-26 11:24 - 00032768 _____ () C:\Program Files\Dell\Tech Concierge Backup\imageformats\qgif4.dll
2012-02-01 10:50 - 2012-02-01 10:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-12-10 08:51 - 2014-12-05 19:50 - 01077064 _____ () C:\Users\Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 08:51 - 2014-12-05 19:50 - 00211272 _____ () C:\Users\Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 08:51 - 2014-12-05 19:50 - 09009480 _____ () C:\Users\Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 08:51 - 2014-12-05 19:50 - 01677128 _____ () C:\Users\Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98493519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98493519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "ImagePath"="C:\Program Files\Dell\Tech Concierge\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge\Parameters => "Application"="C:\Program Files\Dell\Tech Concierge\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AbsoluteNotifier => 2
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: dleaCATSCustConnectService => 2
MSCONFIG\Services: dlea_device => 2
MSCONFIG\Services: FAService => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Absolute Notifier => "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: Finally Fast => C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe -m
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Performance Center => C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe -m
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2128885012-2580320901-7308107-500 - Administrator - Disabled)
Charles (S-1-5-21-2128885012-2580320901-7308107-1000 - Administrator - Enabled) => C:\Users\Charles
Guest (S-1-5-21-2128885012-2580320901-7308107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2128885012-2580320901-7308107-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/24/2014 09:27:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 16e8
Start Time: 01d01fea9b40edb3
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (12/24/2014 08:26:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 5ec
Start Time: 01d01fe9ecfcc8dc
Termination Time: 31
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (12/24/2014 07:26:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2014 05:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc6b8
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00122308
Faulting process id: 0xb234
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/23/2014 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb4
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x000a0bf4
Faulting process id: 0x4bb0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/23/2014 01:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc637
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202bc
Faulting process id: 0xc648
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/23/2014 01:35:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bca28
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00120dbf
Faulting process id: 0x7974
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/22/2014 07:42:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4ce7a46b
Faulting module name: Flash32_15_0_0_246.ocx, version: 15.0.0.246, time stamp: 0x548106ae
Exception code: 0xc0000005
Fault offset: 0x006a62ba
Faulting process id: 0x1ac0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/22/2014 00:46:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/21/2014 11:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Exception code: 0xc0000005
Fault offset: 0x001dc060
Faulting process id: 0xf994
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
System errors:
=============
Error: (12/24/2014 07:33:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (12/24/2014 07:30:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
Error: (12/24/2014 07:30:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (12/24/2014 07:30:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (12/24/2014 07:26:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
Error: (12/24/2014 07:26:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
Error: (12/24/2014 07:26:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
Error: (12/24/2014 07:26:26 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa800eec7b30, 0xfffffa800eec7e10, 0xfffff800037e0270)C:\Windows\Minidump\122414-29390-01.dmp122414-29390-01
Error: (12/24/2014 07:59:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (12/24/2014 07:59:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1290
Microsoft Office Sessions:
=========================
Error: (12/24/2014 09:27:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749616e801d01fea9b40edb315C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (12/24/2014 08:26:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174965ec01d01fe9ecfcc8dc31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (12/24/2014 07:26:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2014 05:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc6b8MSHTML.dll11.0.9600.17496546ff2f9c00000fd00122308b23401d01f08c31932e9C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllae776397-8afc-11e4-8cef-4ceb42583f1c
Error: (12/23/2014 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bcbb4MSHTML.dll11.0.9600.17496546ff2f9c00000fd000a0bf44bb001d01ef2ecfedca9C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll121b4464-8ae7-11e4-8cef-4ceb42583f1c
Error: (12/23/2014 01:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc637MSHTML.dll11.0.9600.17496546ff2f9c00000fd001202bcc64801d01ee8641a4230C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllea65fc23-8adb-11e4-8cef-4ceb42583f1c
Error: (12/23/2014 01:35:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bca28MSHTML.dll11.0.9600.17496546ff2f9c00000fd00120dbf797401d01ee67f6d5740C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlle29ac36e-8ada-11e4-8cef-4ceb42583f1c
Error: (12/22/2014 07:42:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964ce7a46bFlash32_15_0_0_246.ocx15.0.0.246548106aec0000005006a62ba1ac001d01dec596f26f0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_246.ocx5742cd3f-89e0-11e4-8cef-4ceb42583f1c
Error: (12/22/2014 00:46:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/21/2014 11:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecmbam.exe1.0.1.711542b53ecc0000005001dc060f99401d01da5b9a6388cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe077b1b53-8999-11e4-8d44-4ceb42583f1c
CodeIntegrity Errors:
===================================
Date: 2013-11-24 13:49:01.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8086.17 MB
Available physical RAM: 4696.28 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 12645.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:911.88 GB) (Free:741.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================

By chance, do you have the ESETPoweliksCleaner log?

 

I'm still seeing infection that should have been removed.

 

Let's continue.

 

Mom and dad both said they can't believe how much faster it's running already. Definitely looks much better!

Great!

 

Please look in add/remove programs list and remove or uninstall

Arcade Candy

 

~~~~~~~~~~~~~~~~~~

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Charles\AppData\Local\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170}\d'x"Ù"\", &h#\. ùû[\{7ba86ce1-d490-3b48-3968-36b34014e170}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Charles\AppData\Local\ArcadeCandy\games@acandy.com

2014-12-08 03:17 - 2014-12-08 03:17 - 00822769 _____ () C:\ProgramData\SPL452A.tmp

2014-12-05 03:18 - 2014-12-05 03:18 - 00822769 _____ () C:\ProgramData\SPLF3D0.tmp

2014-12-03 17:19 - 2014-12-03 17:19 - 00822769 _____ () C:\ProgramData\SPL1BBA.tmp

2014-12-03 06:56 - 2014-12-03 06:56 - 00822769 _____ () C:\ProgramData\SPLF24A.tmp

2014-12-03 03:16 - 2014-12-03 03:16 - 00822769 _____ () C:\ProgramData\SPL976E.tmp

2014-12-25 20:45 - 2012-07-20 15:20 - 00000278 _____ () C:\Windows\Tasks\CandyUpdater.job

C:\Program Files (x86)\Google\Desktop\Install

Task: {4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {B4F91D68-FDBB-4035-80AF-DE46584ABBC1} - System32\Tasks\CandyUpdater => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe

Task: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

*******

 

Please download Malwarebytes AntiRootkit and save it to your desktop.

 

Full instructions how to use MBAR

Please note: This is a beta version so please be sure to read the disclaimer and note of it.

 

Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

 

Click on Next > then on Update button to download fresh definitions.


 

When database updates click Next

 

In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"


 

If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.

Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.

 

 

The Clean up procedure will be Scheduled for process.

When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

 

>> Please attach the two following logs from the mbar folder:

 

system-log.txt

and

mbar-log-year-month-day (hour-minute-second).txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~

please post

Fixlog.txt

Malwarebytes AntiRootkit

C:\AdwCleaner.txt

JRT.txt


It also appears your Java is out of date and should be updated as soon as possible.

 

 

JavaRa

  • Please download JavaRa and save the file to your Desktop.
  • Close any open windows.
  • Right-Click JavaRa.exe and select Run as administrator to run the programme.
  • Click Remove JRE.
  • Skip Step 1 and click the next button.
  • Click Perform Removal Routine.
  • Upon completion, click OK.
  • Click Next and skip the downloading process. Click Next, followed by Close this wizard, followed by Finish.
  • Return to the main menu and click Additional Tasks.
  • Place a checkmark next to Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files.
  • Note: Ensure no browser windows are open.
  • Click Run.
  • Upon completion, the following message will be displayed: Selected tasks completed successfully.
  • Close JavaRa.
~~~~~~~~~~~~~

Download the latest version of Java here

https://java.com/en/download/index.jsp

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


There isn't any entry for Arcade Candy, but got the log for Eset Powelikscleaner:

 

 

[2014.12.26 20:08:24.612] - Begin

[2014.12.26 20:08:24.612] -
[2014.12.26 20:08:24.612] - ....................................
[2014.12.26 20:08:24.612] - ..::::::::::::::::::....................
[2014.12.26 20:08:24.612] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2014.12.26 20:08:24.612] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.1
[2014.12.26 20:08:24.612] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Oct 15 2014
[2014.12.26 20:08:24.612] - .::EE:::::::::::::SS:.EE..........TT......
[2014.12.26 20:08:24.612] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright © ESET, spol. s r.o.
[2014.12.26 20:08:24.612] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2014.12.26 20:08:24.612] - ....................................
[2014.12.26 20:08:24.612] -
[2014.12.26 20:08:24.612] - --------------------------------------------------------------------------------
[2014.12.26 20:08:24.612] -
[2014.12.26 20:08:24.612] - INFO: OS: 6.1.7601 SP1
[2014.12.26 20:08:24.628] - INFO: Product Type: Workstation
[2014.12.26 20:08:24.628] - INFO: WoW64: True
[2014.12.26 20:08:24.628] - INFO: Machine guid: A417AF9A-22F7-44C1-AA46-25E980B92655
[2014.12.26 20:08:24.628] -
[2014.12.26 20:09:02.724] - INFO: Scanning for system infection...
[2014.12.26 20:09:02.724] - --------------------------------------------------------------------------------
[2014.12.26 20:09:02.724] -
[2014.12.26 20:09:02.724] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.12.26 20:09:02.724] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.12.26 20:09:02.724] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.12.26 20:09:02.724] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.12.26 20:09:02.724] - INFO: Processing classes...
[2014.12.26 20:09:02.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[2014.12.26 20:09:02.771] - INFO: Processing clsid [\Registry\User\S-1-5-21-2128885012-2580320901-7308107-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]

My responses keep getting cut off so the whole thing won't show up. Don't know if that is our connection here or what, but any device we connect via wireless gets only a few hundred B/sec throughput. Maybe time to stop buying Linksys routers, we're on 3rd one this year!!

 

FRST running again but it's stopping at "deleting temp files" from a specific location.

C:\Users\Charles\AppData\Local\Temp

 

I even tried browsing for this to delete it myself but no such directory even shows up.

Think it will just be easier to do a fresh re-install of Windows.


Stop FRST again

It will probably produce a log like it did before....And if it does let's post that.

 

Afterwards

Please Run TFC by OldTimer to clear temporary files:

Download TFC by OldTimer and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

~~~~~~~~~~~~~~~~~

 

Your post was clipped here on the forum board but it came through in its entirety to my email.

You can split posting logs into two or more to ensure all of the entire log can be seen.

 

For your router, it might be a simple fix.

Resetting back to default might make those connections and speeds better.

 

Could be it's time to invest in a different router that may have a better life expectancy.

 

Resetting your router and changing the router admin password

 

~~~~~~

We are probably close to finishing cleaning the computer.

There is an online scanner I suggest people use to show remnants of infections and PUP/PUM to remove and complete the process. Most reliable and thorough.

 

If you're at a point where you think it's time to wipe and reinstall, I understand. Just let me know.

 

 

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note:

    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.
*************************************

No idea about internet connection here, it will sit at 0B/sec for 2 minutes before starting anything.. and that's on all devices that are connected wireless. The router is a Linksys E2500 and it's only a few months old.

 

Going to run TFC now then,

 

Something keeps making the HDD run at only 10MB/sec (my 12 y/o IDE drive runs faster than that).

 

Here is the FRST fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014

Ran by Charles at 2014-12-26 20:24:07 Run:2
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Charles\AppData\Local\Google\Desktop\Install\{7ba86ce1-d490-3b48-3968-36b34014e170}\d'x"Ù"\", &h#\. ùû[\{7ba86ce1-d490-3b48-3968-36b34014e170}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2128885012-2580320901-7308107-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Charles\AppData\Local\ArcadeCandy\games@acandy.com
2014-12-08 03:17 - 2014-12-08 03:17 - 00822769 _____ () C:\ProgramData\SPL452A.tmp
2014-12-05 03:18 - 2014-12-05 03:18 - 00822769 _____ () C:\ProgramData\SPLF3D0.tmp
2014-12-03 17:19 - 2014-12-03 17:19 - 00822769 _____ () C:\ProgramData\SPL1BBA.tmp
2014-12-03 06:56 - 2014-12-03 06:56 - 00822769 _____ () C:\ProgramData\SPLF24A.tmp
2014-12-03 03:16 - 2014-12-03 03:16 - 00822769 _____ () C:\ProgramData\SPL976E.tmp
2014-12-25 20:45 - 2012-07-20 15:20 - 00000278 _____ () C:\Windows\Tasks\CandyUpdater.job
C:\Program Files (x86)\Google\Desktop\Install
Task: {4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B4F91D68-FDBB-4035-80AF-DE46584ABBC1} - System32\Tasks\CandyUpdater => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe
Task: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => Value could not be deleted. Error in Deleting Value: C0000034
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Mozilla\Firefox\Extensions\\games@acandy.com => value deleted successfully.
C:\ProgramData\SPL452A.tmp => Moved successfully.
C:\ProgramData\SPLF3D0.tmp => Moved successfully.
C:\ProgramData\SPL1BBA.tmp => Moved successfully.
C:\ProgramData\SPLF24A.tmp => Moved successfully.
C:\ProgramData\SPL976E.tmp => Moved successfully.
C:\Windows\Tasks\CandyUpdater.job => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4835BEF6-D60B-4E5B-82AF-AD8CB1A4F7C1}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4F91D68-FDBB-4035-80AF-DE46584ABBC1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4F91D68-FDBB-4035-80AF-DE46584ABBC1}" => Key deleted successfully.
C:\Windows\System32\Tasks\CandyUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyUpdater" => Key deleted successfully.
C:\Windows\Tasks\CandyUpdater.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
Link to comment
Share on other sites
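For readers triaging a Fixlog like the one posted above, here is an added example (not part of any post in this thread and not FRST's own code) that sorts result lines by outcome and pulls out the entries the fix could not remove. It assumes the layout seen in this log, where results follow the row of asterisks, and the function names are hypothetical. C0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND.

```python
import re

# Well-known NTSTATUS values that may follow "Error in Deleting ...".
NTSTATUS = {"C0000034": "STATUS_OBJECT_NAME_NOT_FOUND",
            "C0000022": "STATUS_ACCESS_DENIED"}

def parse_fixlog(text):
    """Return one dict per result line: target, outcome, detail, status."""
    # Results follow the row of asterisks; the echoed fixlist above it also
    # contains ' => ' and must not be counted as a result.
    body = re.split(r"^\*{5,}\s*$", text, maxsplit=1, flags=re.M)[-1]
    rows = []
    for line in (l.strip() for l in body.splitlines()):
        if " => " in line:
            target, detail = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):
            target, detail = line[:-len(" not found.")], "not found."
        elif "successfully" in line:
            target, detail = line, line
        else:
            continue
        low = detail.lower()
        if "could not" in low or "error" in low:
            outcome = "failed"
        elif "not found" in low:
            outcome = "not_found"
        else:
            outcome = "ok" if "successfully" in low else "other"
        code = re.search(r"\b(C000[0-9A-F]{4})\b", detail)
        status = NTSTATUS.get(code.group(1), code.group(1)) if code else None
        rows.append({"target": target.strip('"'), "outcome": outcome,
                     "detail": detail, "status": status})
    return rows

def needs_followup(rows):
    """Entries the fix did not remove; these are what to re-check."""
    return [r for r in rows if r["outcome"] == "failed"]

# Sample input: lines copied from the Fixlog above, shortened to a few cases.
SAMPLE = r'''Task: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Charles\AppData\Local\ArcadeCandy\candyUpdater.exe
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-2128885012-2580320901-7308107-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => Value could not be deleted. Error in Deleting Value: C0000034
C:\ProgramData\SPL452A.tmp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyUpdater" => Key deleted successfully.
C:\Windows\Tasks\CandyUpdater.job not found.
Hosts was reset successfully.'''
ROWS = parse_fixlog(SAMPLE)
```

On the sample, `needs_followup(ROWS)` returns only the Run value that failed to delete, which is the autostart entry to look for again in the next scan.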

If you have started the Eset scan, allow it to finish...

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

  • Backup Chrome Bookmarks

    Google Chrome needs to be uninstalled/deleted.

    Then reinstalled.

    We can use Revo Uninstaller to remove all traces.

    Please download and install Revo Uninstaller Free

    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on The Program to remove Google Chrome
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again click Yes.
    • When the built-in uninstaller is finished click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted select Yes then on Next.
    • Once done click Finish.
    I think we need to run this:

    Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    Please copy and paste its contents on your next reply.

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

You may need to make multiple posts.
Link to comment
Share on other sites

TFC ran for 4 hours and then the machine just froze up, tried to click and got a pop up saying something about the target HDD not available.

Last I noticed on the Performance Monitor, it showed the drive running at 10,000 B/sec (not even a whole kilobyte). I'm starting to think there is a problem with either the HDD or the motherboard.

 

I don't know what else to do at this point, especially since every reboot requires dad to log it back in. All I do know at this time is that he let my brother use the laptop many times over the past year and my brother downloaded anything he pleased. Guess it's pointless for him to have such a security feature as facial recognition only to let others do as they wish with the machine.

 

Think I'm done with it at this point.

Link to comment
Share on other sites

If there's any kind of hardware issue now (HDD or the motherboard), I can't help with that.

This was a heavily infected machine with some of the worst out there.

 

I know it's hard to do anything with the special "every reboot requires dad to log it back in"

good golly!

 

I think at this time, to prevent further frustration and who knows how much more time involved with scanning, just to produce errors, if you should now want to wipe and reinstall I fully understand.

Link to comment
Share on other sites

I'm going to open up the laptop and check the HDD to be sure it's got a snug connection, also make sure there's no dust/dirt buildup in there. Tried running Seatools a week or so ago (not sure if I need to do the Samsung tool though, the drive has a Seagate model number and a search shows it branded as both Seagate and Samsung) but the tool couldn't even detect any HDD.

 

I don't really mind how much work it is to fix the problem, just want to help dad.

 

As far as aggravation goes, I'm more aggravated by my own machine. It keeps freezing up randomly whether I'm using it or not. Thinking I've got either a stick of RAM going out or one of the slots is, since most of the time I have to power it off and re-seat memory for it to even boot back up.

 

Well I'll check out hardware and maybe can get those scans to go alright on next attempt. If no, then we'll probably just try fresh re-install or look into a new HDD.

Link to comment
Share on other sites

This topic is now closed to further replies.