
Black screen with cursor after log in. After using Malwarebytes


VCM15

Hey Guys/Gals

 

How's it going?

 

I've seen a few posts about this type of problem but wasn't sure if I should try what they suggest because I wasn't sure if each case was the same. If that's the case, please just point me to a thread that will help. I apologize if I shouldn't have made a new thread about this. I also hope that I posted this in the proper forum.

 

Recently I mistakenly installed some programs that I thought seemed like malware while trying to install Skype. I ended up with no Skype but a few programs I've never heard of: Mysearchdial, MyPC backup, and a couple of others I can't remember. First I tried uninstalling them normally but thought I should do a proper scan as well.

 

I ran Malwarebytes, which detected some items. Some of them were checked, some weren't. I clicked delete. I did not restart afterwards as instructed. Instead I ran the scan again, which detected the same items which weren't checked. I checked these myself and deleted them. After this second time was when I restarted. In between scans I also checked the quarantine and deleted what was in there. I assume it was the items from the first time I deleted, because there are 30 items in there now which I think came from my second scan-delete. Because I didn't restart after the first time I deleted, I don't know if this would've happened or not; I just know that it happened after the two rounds of deleting, so I've included both logs.

 

So now after I go through the normal Windows login I just get a black screen with a moveable cursor which never progresses any further. I am working in safe mode with networking currently.

 

I assume I deleted something I shouldn't have. Just wondering what I can try now to fix my blunder.

 

Here are the logs:

 

Log 1:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Clayza :: CLAYZA-PC [administrator]

Protection: Enabled

13/11/2013 1:13:33 PM
mbam-log-2013-11-13 (13-13-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234994
Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 24
HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> No action taken.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> No action taken.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> No action taken.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> No action taken.
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> No action taken.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (PUP.Optional.PricePeep.A) -> No action taken.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (PUP.Optional.PricePeep.A) -> No action taken.
HKCR\PricePeep.PricePeepBho.1 (PUP.Optional.PricePeep.A) -> No action taken.
HKCR\PricePeep.PricePeepBho (PUP.Optional.PricePeep.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional.PricePeep.A) -> No action taken.
HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> No action taken.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> No action taken.
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho (Adware.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=) Good: (http://www.google.com) -> No action taken.

Folders Detected: 4
C:\Program Files (x86)\PricePeep (PUP.Optional.PricePeep.A) -> No action taken.
C:\Users\Clayza\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Clayza\AppData\Roaming\mysearchdial\icons_2.2.5.1070 (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Clayza\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> No action taken.

Files Detected: 14
C:\Program Files (x86)\PricePeep\pricepeep.dll (PUP.Optional.PricePeep.A) -> No action taken.
C:\Users\Clayza\AppData\Local\Temp\is1275519350\497801_stp\BatBrowseSetup.exe (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Users\Clayza\AppData\Local\Temp\is1275519350\497948_stp\rcpsetup_binstall2_binstall2.exe (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Clayza\Local Settings\Temporary Internet Files\Content.IE5\8FWD48N8\Setup[1].exe (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Program Files (x86)\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> No action taken.
C:\Program Files (x86)\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> No action taken.
C:\Program Files (x86)\PricePeep\unutil.exe (PUP.Optional.PricePeep.A) -> No action taken.
C:\Users\Clayza\Desktop\MySearchDial.url (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\Clayza\AppData\Roaming\mysearchdial\icons_2.2.5.1070\59.ico (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Clayza\AppData\Roaming\mysearchdial\icons_2.2.5.1070\60.ico (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Clayza\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Local\Temp\is1275519350\498033_stp.EXE (Adware.Agent) -> Quarantined and deleted successfully.

(end)

 

Log 2:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Clayza :: CLAYZA-PC [administrator]

Protection: Enabled

13/11/2013 1:27:40 PM
mbam-log-2013-11-13 (13-27-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235406
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Program Files (x86)\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Roaming\mysearchdial\icons_2.2.5.1070 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Users\Clayza\AppData\Local\Temp\is1275519350\497801_stp\BatBrowseSetup.exe (PUP.Optional.BatBrowse.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Local\Temp\is1275519350\497948_stp\rcpsetup_binstall2_binstall2.exe (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\Local Settings\Temporary Internet Files\Content.IE5\8FWD48N8\Setup[1].exe (PUP.Optional.BatBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PricePeep\unutil.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\Desktop\MySearchDial.url (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Roaming\mysearchdial\icons_2.2.5.1070\59.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Roaming\mysearchdial\icons_2.2.5.1070\60.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Clayza\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

(end)

Thanks in advance for your attention, and let me know if there's any other info you need from me to help.

 

Cheers,

Clay
 


Hello and [image: post-32477-1261866970.gif]

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Run the following from Safe Mode with Networking:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


I read the piracy policy and uninstalled uTorrent. I've tried to uninstall a copy of MS Office 2010, but the uninstall won't work and I can't seem to get rid of it. Is there anything I could try? I really would uninstall the program if the uninstaller would work. That's the only thing that might be an issue. I have to go to hockey for now but I'll be back later. Hopefully I'm not SOL with help from here because of this...

 

I ran the scan and these are the results

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Clayza (administrator) on CLAYZA-PC on 13-11-2013 20:00:38
Running from C:\Users\Clayza\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-01-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2012-01-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-01-18] (Lenovo)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-18] (Google Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Clayza\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-26] (Facebook Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20474528 2013-10-02] (Skype Technologies S.A.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-01-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft
\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKLM-x32 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKCU - {86810125-3A44-4F81-9E77-C94516DBA3F7} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=BAA4E8FF-AD31-4FB9-A904-AE8FF28502E0&apn_sauid=C3B8CD94-836F-4ABE-8E92-C4CFEBE3318B
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95

FireFox:
========
FF ProfilePath: C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default
FF user.js: detected! => C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\user.js
FF SearchEngineOrder.1: Mysearchdial

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Clayza\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\searchplugins\Mysearchdial.xml
FF Extension: Ask Toolbar - C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\toolbar@ask.com
FF Extension: pricepeep - C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: prefs - C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======

CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (McAfee SiteAdvisor) - C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0
CHR Extension: (PricePeep) - C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 hasplms; C:\windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
S3 RDID1102; C:\Windows\System32\Drivers\rdwm1102.sys [81920 2009-09-18] (Roland Corporation)
S3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 20:00 - 2013-11-13 20:00 - 00024198 _____ C:\Users\Clayza\Downloads\FRST.txt
2013-11-13 20:00 - 2013-11-13 20:00 - 00000000 ____D C:\FRST
2013-11-13 19:59 - 2013-11-13 19:59 - 01957794 _____ (Farbar) C:\Users\Clayza\Downloads\FRST64.exe
2013-11-13 19:51 - 2013-11-13 19:51 - 01184256 _____ C:\Users\Clayza\Downloads\MicrosoftFixit50450.msi
2013-11-13 13:12 - 2013-11-13 13:12 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Malwarebytes
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 13:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-13 13:11 - 2013-11-13 13:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Clayza\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-09 22:32 - 2013-11-10 04:43 - 2013021810 ____R C:\Users\Clayza\Downloads\River.Monsters.S05E01.Face.Ripper.720p.HDTV.x264-DHD.mkv
2013-11-06 13:46 - 2013-11-06 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 10:41 - 2013-11-05 14:12 - 00012581 _____ C:\Users\Clayza\Documents\Samping Data.xlsx
2013-11-03 23:48 - 2013-11-05 21:09 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore field guide
2013-11-01 16:36 - 2013-11-01 16:36 - 00000000 ____D C:\Users\Clayza\Downloads\River Monsters HD Complete with Specials
2013-10-28 20:34 - 2013-10-28 20:34 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iTunes
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iPod
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-28 19:24 - 2013-11-05 21:02 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore photos
2013-10-26 17:23 - 2013-10-30 22:30 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Skype
2013-10-26 17:23 - 2013-10-26 17:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-26 17:23 - 2013-10-26 17:23 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-26 17:23 - 2013-10-26 17:23 - 00000000 ____D C:\ProgramData\Skype
2013-10-26 17:10 - 2013-10-26 17:11 - 00000000 ____D C:\Users\Clayza\AppData\Local\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\Documents\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\AppData\Local\cache
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 _____ C:\Users\Clayza\daemonprocess.txt
2013-10-26 17:09 - 2013-10-30 22:26 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-26 17:09 - 2013-10-26 17:16 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Systweak
2013-10-26 17:09 - 2013-10-26 17:09 - 00001091 _____ C:\Users\Clayza\Desktop\MyPC Backup.lnk
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Advanced System Protector
2013-10-26 17:09 - 2013-10-26 17:08 - 00351112 _____ C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
2013-10-26 17:09 - 2013-06-19 16:27 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2013-10-26 17:08 - 2013-11-13 13:10 - 00000296 _____ C:\windows\Tasks\UpdaterEX.job
2013-10-26 17:08 - 2013-10-26 17:08 - 00003240 _____ C:\windows\System32\Tasks\UpdaterEX
2013-10-26 17:08 - 2013-10-26 17:08 - 00000391 _____ C:\Users\Clayza\Desktop\FREE Games.url
2013-10-26 17:08 - 2013-10-26 17:08 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\UpdaterEX
2013-10-26 16:53 - 2013-10-26 16:53 - 00000000 __SHD C:\found.000
2013-10-26 16:31 - 2013-11-13 13:05 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA.job
2013-10-26 16:31 - 2013-11-13 13:05 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core.job
2013-10-26 16:31 - 2013-10-26 17:05 - 00003910 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA
2013-10-26 16:31 - 2013-10-26 17:05 - 00003542 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core
2013-10-26 16:31 - 2013-10-26 16:32 - 00000000 ____D C:\Users\Clayza\AppData\Local\Facebook
2013-10-25 12:17 - 2013-10-25 12:17 - 01403268 _____ C:\Users\Clayza\Downloads\MOvin, CruiZin 2.m4a
2013-10-17 20:04 - 2013-10-17 20:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 12:56 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

2013-11-13 20:00 - 2013-11-13 20:00 - 00024198 _____ C:\Users\Clayza\Downloads\FRST.txt
2013-11-13 20:00 - 2013-11-13 20:00 - 00000000 ____D C:\FRST
2013-11-13 19:59 - 2013-11-13 19:59 - 01957794 _____ (Farbar) C:\Users\Clayza\Downloads\FRST64.exe
2013-11-13 19:51 - 2013-11-13 19:51 - 01184256 _____ C:\Users\Clayza\Downloads\MicrosoftFixit50450.msi
2013-11-13 19:49 - 2009-07-14 01:13 - 00005372 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-13 19:44 - 2012-01-18 01:41 - 00298128 _____ C:\windows\system32\fastboot.set
2013-11-13 19:40 - 2012-01-18 01:29 - 00445440 _____ C:\windows\system32\TPHDLOG0.LOG
2013-11-13 19:39 - 2012-01-18 01:26 - 02705222 _____ C:\FaceProv.log
2013-11-13 19:39 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-13 19:39 - 2009-07-14 00:51 - 00104350 _____ C:\windows\setupact.log
2013-11-13 19:35 - 2012-04-07 01:17 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\uTorrent
2013-11-13 14:36 - 2012-01-18 01:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 13:33 - 2010-11-20 23:47 - 00059514 _____ C:\windows\PFRO.log
2013-11-13 13:32 - 2012-01-18 00:40 - 01196740 _____ C:\windows\WindowsUpdate.log
2013-11-13 13:17 - 2012-04-01 21:23 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 13:14 - 2012-01-18 01:29 - 01411200 _____ C:\windows\system32\TPAPSLOG.LOG
2013-11-13 13:13 - 2012-01-18 01:37 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 13:12 - 2013-11-13 13:12 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Malwarebytes
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 13:11 - 2013-11-13 13:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Clayza\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 13:10 - 2013-10-26 17:08 - 00000296 _____ C:\windows\Tasks\UpdaterEX.job
2013-11-13 13:05 - 2013-10-26 16:31 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA.job
2013-11-13 13:05 - 2013-10-26 16:31 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core.job
2013-11-13 13:05 - 2012-01-18 01:26 - 00000000 ____D C:\ProgramData\VeriFace
2013-11-11 14:20 - 2012-04-02 12:05 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\vlc
2013-11-10 04:43 - 2013-11-09 22:32 - 2013021810 ____R C:\Users\Clayza\Downloads\River.Monsters.S05E01.Face.Ripper.720p.HDTV.x264-DHD.mkv
2013-11-06 20:44 - 2012-04-26 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 13:46 - 2013-11-06 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 21:09 - 2013-11-03 23:48 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore field guide
2013-11-05 21:02 - 2013-10-28 19:24 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore photos
2013-11-05 14:12 - 2013-11-05 10:41 - 00012581 _____ C:\Users\Clayza\Documents\Samping Data.xlsx
2013-11-01 16:36 - 2013-11-01 16:36 - 00000000 ____D C:\Users\Clayza\Downloads\River Monsters HD Complete with Specials
2013-11-01 16:20 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 16:20 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 11:36 - 2012-01-18 01:21 - 00000000 ____D C:\ProgramData\McAfee
2013-10-30 22:30 - 2013-10-26 17:23 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Skype
2013-10-30 22:26 - 2013-10-26 17:09 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-28 20:34 - 2013-10-28 20:34 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iTunes
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iPod
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-26 17:24 - 2013-10-26 17:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-26 17:23 - 2013-10-26 17:23 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-26 17:23 - 2013-10-26 17:23 - 00000000 ____D C:\ProgramData\Skype
2013-10-26 17:16 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Systweak
2013-10-26 17:11 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\AppData\Local\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\Documents\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\AppData\Local\cache
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 _____ C:\Users\Clayza\daemonprocess.txt
2013-10-26 17:10 - 2012-04-01 05:58 - 00000000 ____D C:\Users\Clayza
2013-10-26 17:09 - 2013-10-26 17:09 - 00001091 _____ C:\Users\Clayza\Desktop\MyPC Backup.lnk
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Advanced System Protector
2013-10-26 17:09 - 2012-04-01 05:58 - 00000000 ___RD C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-26 17:08 - 2013-10-26 17:09 - 00351112 _____ C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
2013-10-26 17:08 - 2013-10-26 17:08 - 00003240 _____ C:\windows\System32\Tasks\UpdaterEX
2013-10-26 17:08 - 2013-10-26 17:08 - 00000391 _____ C:\Users\Clayza\Desktop\FREE Games.url
2013-10-26 17:08 - 2013-10-26 17:08 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\UpdaterEX
2013-10-26 17:05 - 2013-10-26 16:31 - 00003910 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA
2013-10-26 17:05 - 2013-10-26 16:31 - 00003542 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core
2013-10-26 16:53 - 2013-10-26 16:53 - 00000000 __SHD C:\found.000
2013-10-26 16:48 - 2009-07-14 01:08 - 00032584 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-26 16:32 - 2013-10-26 16:31 - 00000000 ____D C:\Users\Clayza\AppData\Local\Facebook
2013-10-25 12:17 - 2013-10-25 12:17 - 01403268 _____ C:\Users\Clayza\Downloads\MOvin, CruiZin 2.m4a
2013-10-17 20:04 - 2013-10-17 20:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 20:04 - 2013-01-31 19:29 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 12:50 - 2012-01-18 01:21 - 00000000 ____D C:\Program Files\Common Files\mcafee

Some content of TEMP:
====================
C:\Users\Clayza\AppData\Local\Temp\26791uninstall.exe
C:\Users\Clayza\AppData\Local\Temp\ApnStub.exe
C:\Users\Clayza\AppData\Local\Temp\BackupSetup.exe
C:\Users\Clayza\AppData\Local\Temp\contentDATs.exe
C:\Users\Clayza\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Clayza\AppData\Local\Temp\hasp_windows.dll
C:\Users\Clayza\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\ose00000.exe
C:\Users\Clayza\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Clayza\AppData\Local\Temp\Sqlite3.dll
C:\Users\Clayza\AppData\Local\Temp\utt18DE.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 01:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Clayza at 2013-11-13 20:01:29
Running from C:\Users\Clayza\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Active Protection System (x32 Version: 1.70.11)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
A-PRO Driver
ASIO4ALL (x32 Version: 2.10)
Ask Toolbar (x32 Version: 1.14.1.0)
Ask Toolbar Updater (HKCU Version: 1.2.0.20007)
Audacity 2.0 (x32)
BioExcess (Version: 7.0.67.0)
BioExcess (x32 Version: 7.0.67.0)
Bonjour (Version: 3.0.0.10)
Bootstrapper (x32 Version: 1.1.1.0)
Camel Audio CamelCrusher64 (x32 Version: 1.01.0)
CCleaner (Version: 3.17)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
CyberLink YouCam (x32 Version: 3.1.3623)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
EgisTec ES603 WDM Driver (x32 Version: 3.0.10.4)
Energy Management (x32 Version: 6.0.2.1)
Extended Update (HKCU)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FL Studio 10 (x32)
Flux_BitterSweetII (x32 Version: 2.3.4.11942)
Flux_StereoTool (x32 Version: 2.3.4.11942)
Free Alpha 3 (HKCU)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 31.0.1650.48)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Hardcore (x32)
IL Autogun (x32)
IL Download Manager (x32)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2342)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.0000)
Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001)
Intel® Wireless Display
Intel® Wireless Display (x32 Version: 2.0.27.0)
iTunes (Version: 11.1.2.32)
IZArc 4.1.6 (x32 Version: 4.1.6)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 6 Update 22 (x32 Version: 6.0.220)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Lenovo EasyCamera (x32 Version: 1.11.0209.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo Security Suite (x32 Version: 2.0.11.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Maximus (x32)
McAfee AntiVirus Plus (x32 Version: 12.8.856)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Minitab 16 (x32 Version: 16.2.3)
Minitab Software Update Manager (x32 Version: 1.1.0.0)
Minitab16 (x32 Version: 16.2.3.0)
Morphine (x32)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
Mozilla Thunderbird 17.0.6 (x86 en-US) (x32 Version: 17.0.6)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MyPC Backup  (Version: )
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.11 (Version: 1.7.11)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Port Locker (Version: 1.0.5.24)
Port Locker (x32 Version: 1.0.5.24)
Power2Go (x32 Version: 5.6.0.7303)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6282)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.9 (x32 Version: 6.9.106)
SoftwareManager (x32 Version: 1.1.0.0)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Sytrus (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
VeriFace (x32 Version: 4.0.0.1224)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

18-10-2013 19:29:43 Windows Update
22-10-2013 17:36:54 Windows Update
25-10-2013 18:25:29 Windows Update
31-10-2013 02:33:17 Windows Update
05-11-2013 14:32:05 Windows Update
08-11-2013 20:09:43 Windows Update
13-11-2013 17:17:19 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06293EC4-1C44-4A78-A85F-B2ECADF916F9} - System32\Tasks\UpdaterEX => C:\Users\Clayza\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {191A664F-B5F9-4968-8A44-12959D1115EA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {260E888A-20FD-494A-86BF-1C4BEAB502D8} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-11-05] (Minitab)
Task: {3A246FEB-55F5-4C0C-8E77-A43CDEF4E8B4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core => C:\Users\Clayza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-26] (Facebook Inc.)
Task: {3C28C1A0-1F7C-4307-A98D-E2703A113424} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] ()
Task: {48722A84-D429-4C00-8A69-DA4779240077} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {4E9F4808-244C-42EC-BC0E-9F396B70E45F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74168ACB-38E7-47EC-8BB7-9269627518B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {90B265DF-91BA-499F-BEFF-0D15B7225877} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {A432B5E3-8B31-4CA5-8F34-9E401196717F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {A5B4E0A0-6293-4032-AFEE-E5B693CF37F0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA => C:\Users\Clayza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-26] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core.job => C:\Users\Clayza\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA.job => C:\Users\Clayza\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\Clayza\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE

==================== Loaded Modules (whitelisted) =============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-18 01:26 - 2012-01-18 01:26 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2013-11-06 13:46 - 2013-11-06 13:46 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-04 00:09 - 2013-04-04 00:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-09 13:17 - 2013-10-09 13:17 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2013 07:56:59 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (11/13/2013 07:52:35 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (11/13/2013 07:49:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/13/2013 07:49:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/13/2013 07:48:18 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /modify PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (11/13/2013 07:47:38 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (11/13/2013 07:46:21 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (11/13/2013 07:45:58 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (11/13/2013 07:45:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2013 07:45:26 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).


System errors:
=============
Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2013 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/13/2013 07:56:59 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x8007043c

Error: (11/13/2013 07:52:35 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x8007043c

Error: (11/13/2013 07:49:18 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/13/2013 07:49:18 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (11/13/2013 07:48:18 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /modify PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x8007043c

Error: (11/13/2013 07:47:38 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x8007043c

Error: (11/13/2013 07:46:21 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x8007043c

Error: (11/13/2013 07:45:58 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x8007043c

Error: (11/13/2013 07:45:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2013 07:45:26 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 8106.14 MB
Available physical RAM: 6882.62 MB
Total Pagefile: 16210.46 MB
Available Pagefile: 15033.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:284.58 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:25.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F5B9DCAC)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================

 

Thanks again


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

For MS Office removal go here: http://support.microsoft.com/kb/971179 and scroll to the "Fixit" relevant to your operating system....

 

Next,

 

Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick Scan with Malwarebytes Anti-Malware.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Let me see those logs. Will your system boot to normal mode?

 

 

 

fixlist.txt


FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Clayza at 2013-11-13 23:04:58 Run:1
Running from C:\Users\Clayza\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
C:\Program Files (x86)\Ask.com
Startup: C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files (x86)\MyPC Backup
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=2135284479&ir=
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://websearch.ask...RJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=BAA4E8FF-AD31-4FB9-A904-AE8FF28502E0&apn_sauid=C3B8CD94-836F-4ABE-8E92-C4CFEBE3318B
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
FF SearchEngineOrder.1: Mysearchdial
FF SearchPlugin: C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\searchplugins\Mysearchdial.xml
FF Extension: Ask Toolbar - C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\toolbar@ask.com
FF Extension: pricepeep - C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: prefs - C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;
C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
C:\Users\Clayza\AppData\Local\Temp\26791uninstall.exe
C:\Users\Clayza\AppData\Local\Temp\ApnStub.exe
C:\Users\Clayza\AppData\Local\Temp\BackupSetup.exe
C:\Users\Clayza\AppData\Local\Temp\contentDATs.exe
C:\Users\Clayza\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Clayza\AppData\Local\Temp\hasp_windows.dll
C:\Users\Clayza\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\ose00000.exe
C:\Users\Clayza\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Clayza\AppData\Local\Temp\Sqlite3.dll
C:\Users\Clayza\AppData\Local\Temp\utt18DE.tmp.exe
Task: {3C28C1A0-1F7C-4307-A98D-E2703A113424} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] ()
End



*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86810125-3A44-4F81-9E77-C94516DBA3F7} => Key deleted successfully.
HKCR\CLSID\{86810125-3A44-4F81-9E77-C94516DBA3F7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\toolbar@ask.com => Moved successfully.
C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\pricepeep@getpricepeep.com.xpi => Moved successfully.
C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.
"C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
IAStorDataMgrSvc => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
Stereo Service => Service deleted successfully.
"C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
C:\Users\Clayza\AppData\Local\Temp\26791uninstall.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\hasp_windows.dll => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\Clayza\AppData\Local\Temp\utt18DE.tmp.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C28C1A0-1F7C-4307-A98D-E2703A113424} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C28C1A0-1F7C-4307-A98D-E2703A113424} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.

==== End of Fixlog ====

 

Okay, I've tried Fixit to uninstall Office, but I just get the error message: "The windows installer service is not accessible in safe mode. Please try again when your computer is not in Safe Mode or you can use system restore..."

 

Should I try to go ahead with the next step and uninstall Office afterwards? Will that work?

 

The only reason I have it is because I'm a student and I needed to get some work done with it at one time, and have been really meaning to get a legit copy - every student should have one - but never ended up getting around to it. So it's not a big deal to me not to have it until I get a proper license. I will get rid of it once it's possible.


Right, sorry you didn't need an explanation.

 

I just ran scan, and tried to boot normally but I am still getting the black screen with cursor.

 

Log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.14.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16721
Clayza :: CLAYZA-PC [administrator]

Protection: Disabled

14/11/2013 12:39:49 PM
mbam-log-2013-11-14 (12-39-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234059
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Boot to Safe Mode once more. Click the "Start" button located in the Windows desktop and choose "Control Panel," then "System and Maintenance," and finally "Device Manager." The Device Manager window comes into view showing a list of hardware device categories.

Click the "Display Adapters" option and then double-click on the name of the graphics card installed on the computer. A device properties window opens.

Click the "Driver" tab within the device properties window and then press "Uninstall." Windows removes the video card driver. Reboot Windows in Normal mode.

 

Any change?


Hey Kev,

 

Thanks for all the help, and sorry for not getting back till now. I ran start up repair a heap of times and pretty much every time it didn't find any problems. The only time it actually did something was when it prompted me to do it without me even doing anything, just after one of my many reboots. It went through its thing, and did a system restore. I eventually got it to boot normally but it would just freeze up before everything was completely loaded, like would get some stuff loaded, but it would freeze before I would even get connected to the internet. I tried a system restore to Wednesday morning before I ever deleted anything with MBAM but it still didn't work, and I ended up back to the black screen upon login... So I went back through all the steps, same result. I eventually kinda got fed up with trying start up repair more times than I can remember, and just did a system restore to a week ago.

 

Seems like I'm back to a working state now. But I do still have the malware that I was trying to get rid of that caused all this. So my only question now is.... what causes this to happen? Is there any way to know what should be removed with MBAM and what shouldn't? I've used the program in the past and had good results. But I'm slightly wary of using it now. I'd still recommend it and everything but just a little unsure now.

 

Anyways, if ya can answer the question, great, if not, no problem. Otherwise you can probably close this thread.

 

Thanks again for your correspondence and I'll make a donation for your help.


If you are back to a working state but do suspect malware to be present, we can run FRST and have a look. This initial scan is purely diagnostic so will make no changes.

Regarding what Malwarebytes removed, I'm not sure; I would have to see a log. I would think maybe something related to the Winlogon reg key...

 

Winlogon is the component of MS operating systems that is responsible for handling the secure sequence of loading a user profile on logon; obviously any changes to that key can end up with the dreaded black screen at boot..

 

If you want to progress this further, let me know

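The Winlogon values mentioned in the reply above can be inspected without changing anything. The following read-only PowerShell check is an added example, not part of the original thread and not code from FRST or Malwarebytes; the function names are hypothetical, and the expected values (`explorer.exe` for Shell, `%SystemRoot%\system32\userinit.exe,` for Userinit) are assumed to be the Windows 7 defaults.

```powershell
# Added example (not from the thread): read-only check of the Winlogon values
# that decide what is started after logon. Nothing is written to the registry.
$winlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userPath     = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Split-Entries([string]$Value) {
    # Shell and Userinit may hold a comma-separated list; drop empty items
    # (the default Userinit value ends with a trailing comma).
    @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Resolve-Program([string]$Entry) {
    # Extract the executable part of an entry (quotes and arguments stripped)
    # and return its full path if the file exists, otherwise $null.
    # Bare names are looked up in %windir% and %windir%\System32.
    if ($Entry -match '^\s*"?([^"]+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if ([IO.Path]::IsPathRooted($exe)) {
            $candidates = @($exe)
        } else {
            $candidates = @((Join-Path $env:windir $exe),
                            (Join-Path $env:windir "System32\$exe"))
        }
        foreach ($c in $candidates) {
            if (Test-Path -LiteralPath $c -PathType Leaf) { return $c }
        }
    }
    return $null
}

function Test-WinlogonValue([string]$Name, $Actual, [string]$Expected) {
    # Status meanings:
    #   MISSING          value absent or empty (nothing is started after logon)
    #   TARGET NOT FOUND value points at a file that is no longer on disk,
    #                    for example after a cleanup removed or quarantined it
    #   NON-DEFAULT      targets exist but the value differs from the default
    $status   = 'OK'
    $notFound = @()
    if ([string]::IsNullOrEmpty($Actual)) {
        $status = 'MISSING'
    } else {
        foreach ($entry in (Split-Entries $Actual)) {
            if (-not (Resolve-Program $entry)) { $notFound += $entry }
        }
        if ($notFound.Count -gt 0) {
            $status = 'TARGET NOT FOUND'
        } elseif ($Actual.Trim().TrimEnd(',') -ine $Expected.TrimEnd(',')) {
            $status = 'NON-DEFAULT'
        }
    }
    New-Object PSObject -Property @{
        Value    = $Name
        Status   = $status
        Actual   = $Actual
        Expected = $Expected
        NotFound = ($notFound -join '; ')
    }
}

# Assumed defaults (Windows 7); adjust if the installation differs.
$defaultShell    = 'explorer.exe'
$defaultUserinit = "$env:SystemRoot\system32\userinit.exe,"

$results = @()
$results += Test-WinlogonValue 'HKLM Shell'    (Get-RegValue $winlogonPath 'Shell')    $defaultShell
$results += Test-WinlogonValue 'HKLM Userinit' (Get-RegValue $winlogonPath 'Userinit') $defaultUserinit

# A per-user Shell value overrides the machine-wide one and is normally absent.
$userShell = Get-RegValue $userPath 'Shell'
if ($userShell) {
    $results += Test-WinlogonValue 'HKCU Shell (override)' $userShell $defaultShell
}

$results | Format-Table Value, Status, Actual, Expected, NotFound -AutoSize -Wrap
```

Any status other than OK is a lead to compare against the scanner's removal log and quarantine list before rebooting, not proof of the cause.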

Okay cool, good to know.

 

Alright just ran FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Clayza (administrator) on CLAYZA-PC on 15-11-2013 18:16:18
Running from C:\Users\Clayza\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SafeNet Inc.) C:\windows\system32\hasplms.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Lenovo.) C:\windows\System32\TPHDEXLG64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-01-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2012-01-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-01-18] (Lenovo)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-18] (Google Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Clayza\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-26] (Facebook Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20474528 2013-10-02] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin [829832 2013-10-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-01-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKLM-x32 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0CtCyEtC0E0FzyyD0FtBtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=2135284479&ir=
SearchScopes: HKCU - {86810125-3A44-4F81-9E77-C94516DBA3F7} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=BAA4E8FF-AD31-4FB9-A904-AE8FF28502E0&apn_sauid=C3B8CD94-836F-4ABE-8E92-C4CFEBE3318B
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95

FireFox:
========
FF ProfilePath: C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default
FF user.js: detected! => C:\Users\Clayza\AppData\Roaming\Mozilla\Firefox\Profiles\vu6dbnxl.default\user.js
FF SearchEngineOrder.1: Mysearchdial

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Clayza\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======

CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (McAfee SiteAdvisor) - C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0
CHR Extension: (PricePeep) - C:\Users\Clayza\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Clayza\AppData\Local\mysearchdial-speeddial.crx

==================== Services (Whitelisted) =================

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 hasplms; C:\windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 0127361383340862mcinstcleanup; C:\windows\TEMP\012736~1.EXE -cleanup -nolog [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
S3 RDID1102; C:\Windows\System32\Drivers\rdwm1102.sys [81920 2009-09-18] (Roland Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 18:08 - 2013-11-15 18:08 - 01957794 _____ (Farbar) C:\Users\Clayza\Downloads\FRST64.exe
2013-11-15 17:03 - 2013-11-15 17:05 - 00000000 ____D C:\649a24f10f8606914ee9077632
2013-11-13 20:01 - 2013-11-13 20:01 - 00026174 _____ C:\Users\Clayza\Downloads\Addition.txt
2013-11-13 20:00 - 2013-11-15 18:16 - 00027776 _____ C:\Users\Clayza\Downloads\FRST.txt
2013-11-13 20:00 - 2013-11-13 23:04 - 00000000 ____D C:\FRST
2013-11-13 13:12 - 2013-11-15 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Malwarebytes
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-09 22:32 - 2013-11-10 04:43 - 2013021810 ____R C:\Users\Clayza\Downloads\River.Monsters.S05E01.Face.Ripper.720p.HDTV.x264-DHD.mkv
2013-11-06 13:46 - 2013-11-15 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 10:41 - 2013-11-05 14:12 - 00012581 _____ C:\Users\Clayza\Documents\Samping Data.xlsx
2013-11-03 23:48 - 2013-11-05 21:09 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore field guide
2013-11-01 16:36 - 2013-11-01 16:36 - 00000000 ____D C:\Users\Clayza\Downloads\River Monsters HD Complete with Specials
2013-11-01 16:27 - 2013-11-01 16:27 - 00000833 _____ C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-28 20:34 - 2013-10-28 20:34 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iTunes
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iPod
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-28 19:24 - 2013-11-05 21:02 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore photos
2013-10-26 17:23 - 2013-11-15 17:56 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Skype
2013-10-26 17:23 - 2013-10-26 17:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-26 17:23 - 2013-10-26 17:23 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-26 17:23 - 2013-10-26 17:23 - 00000000 ____D C:\ProgramData\Skype
2013-10-26 17:10 - 2013-10-26 17:11 - 00000000 ____D C:\Users\Clayza\AppData\Local\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\Documents\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\AppData\Local\cache
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 _____ C:\Users\Clayza\daemonprocess.txt
2013-10-26 17:09 - 2013-11-15 16:55 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-26 17:09 - 2013-10-26 17:16 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Systweak
2013-10-26 17:09 - 2013-10-26 17:09 - 00001091 _____ C:\Users\Clayza\Desktop\MyPC Backup.lnk
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Advanced System Protector
2013-10-26 17:09 - 2013-06-19 16:27 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2013-10-26 17:08 - 2013-11-15 20:53 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\mysearchdial
2013-10-26 17:08 - 2013-11-15 20:53 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-10-26 17:08 - 2013-11-15 18:08 - 00000296 _____ C:\windows\Tasks\UpdaterEX.job
2013-10-26 17:08 - 2013-10-26 17:08 - 00003240 _____ C:\windows\System32\Tasks\UpdaterEX
2013-10-26 17:08 - 2013-10-26 17:08 - 00000391 _____ C:\Users\Clayza\Desktop\FREE Games.url
2013-10-26 17:08 - 2013-10-26 17:08 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\UpdaterEX
2013-10-26 16:53 - 2013-10-26 16:53 - 00000000 __SHD C:\found.000
2013-10-26 16:31 - 2013-11-15 18:10 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA.job
2013-10-26 16:31 - 2013-11-15 18:10 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core.job
2013-10-26 16:31 - 2013-10-26 17:05 - 00003910 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA
2013-10-26 16:31 - 2013-10-26 17:05 - 00003542 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core
2013-10-26 16:31 - 2013-10-26 16:32 - 00000000 ____D C:\Users\Clayza\AppData\Local\Facebook
2013-10-25 12:17 - 2013-10-25 12:17 - 01403268 _____ C:\Users\Clayza\Downloads\MOvin, CruiZin 2.m4a
2013-10-17 20:04 - 2013-11-15 16:59 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 12:56 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

2013-11-15 20:53 - 2013-10-26 17:08 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\mysearchdial
2013-11-15 20:53 - 2013-10-26 17:08 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-11-15 20:53 - 2013-02-08 18:32 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-11-15 20:53 - 2012-04-26 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 20:53 - 2012-04-07 01:17 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\uTorrent
2013-11-15 20:53 - 2012-04-02 16:35 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-15 20:53 - 2012-04-02 12:05 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\vlc
2013-11-15 20:53 - 2012-04-01 05:59 - 00000000 ____D C:\Users\Clayza\AppData\Local\BioExcess
2013-11-15 20:53 - 2012-04-01 05:58 - 00000000 ___RD C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-15 20:53 - 2012-01-18 01:26 - 00000000 ____D C:\ProgramData\Port Locker
2013-11-15 20:53 - 2012-01-18 00:58 - 00000000 ____D C:\windows\SysWOW64\NV
2013-11-15 20:53 - 2012-01-18 00:58 - 00000000 ____D C:\windows\system32\NV
2013-11-15 20:53 - 2012-01-18 00:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-15 20:53 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
2013-11-15 20:52 - 2012-04-01 05:58 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-11-15 20:52 - 2012-01-18 01:26 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-11-15 20:52 - 2012-01-18 00:55 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-15 20:52 - 2012-01-18 00:52 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-15 20:52 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2013-11-15 20:48 - 2013-11-13 13:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-15 18:17 - 2013-11-13 20:00 - 00027776 _____ C:\Users\Clayza\Downloads\FRST.txt
2013-11-15 18:17 - 2012-04-01 21:23 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 18:11 - 2012-01-18 01:29 - 01393152 _____ C:\windows\system32\TPAPSLOG.LOG
2013-11-15 18:10 - 2013-10-26 16:31 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA.job
2013-11-15 18:10 - 2013-10-26 16:31 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core.job
2013-11-15 18:08 - 2013-11-15 18:08 - 01957794 _____ (Farbar) C:\Users\Clayza\Downloads\FRST64.exe
2013-11-15 18:08 - 2013-10-26 17:08 - 00000296 _____ C:\windows\Tasks\UpdaterEX.job
2013-11-15 17:56 - 2013-10-26 17:23 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Skype
2013-11-15 17:55 - 2012-01-18 01:29 - 00442112 _____ C:\windows\system32\TPHDLOG0.LOG
2013-11-15 17:46 - 2012-01-18 01:37 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 17:17 - 2012-01-18 00:40 - 01070801 _____ C:\windows\WindowsUpdate.log
2013-11-15 17:06 - 2013-03-07 23:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 17:05 - 2013-11-15 17:03 - 00000000 ____D C:\649a24f10f8606914ee9077632
2013-11-15 17:04 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 17:04 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 17:03 - 2013-08-16 19:57 - 00000000 ____D C:\windows\system32\MRT
2013-11-15 17:03 - 2012-03-31 19:23 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-15 17:02 - 2013-11-06 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 17:02 - 2009-07-14 01:13 - 00005372 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-15 16:59 - 2013-10-17 20:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-15 16:59 - 2013-01-31 19:29 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-15 16:57 - 2012-01-18 01:26 - 00000000 ____D C:\ProgramData\VeriFace
2013-11-15 16:57 - 2009-07-14 00:51 - 00104014 _____ C:\windows\setupact.log
2013-11-15 16:56 - 2012-01-18 01:41 - 00233052 _____ C:\windows\system32\fastboot.set
2013-11-15 16:56 - 2012-01-18 01:26 - 02749945 _____ C:\FaceProv.log
2013-11-15 16:55 - 2013-10-26 17:09 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-15 16:55 - 2012-04-01 05:58 - 00000000 ____D C:\Users\Clayza
2013-11-15 16:55 - 2012-01-18 01:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 16:55 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-13 23:04 - 2013-11-13 20:00 - 00000000 ____D C:\FRST
2013-11-13 20:01 - 2013-11-13 20:01 - 00026174 _____ C:\Users\Clayza\Downloads\Addition.txt
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Malwarebytes
2013-11-13 13:12 - 2013-11-13 13:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 04:43 - 2013-11-09 22:32 - 2013021810 ____R C:\Users\Clayza\Downloads\River.Monsters.S05E01.Face.Ripper.720p.HDTV.x264-DHD.mkv
2013-11-05 21:09 - 2013-11-03 23:48 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore field guide
2013-11-05 21:02 - 2013-10-28 19:24 - 00000000 ____D C:\Users\Clayza\Desktop\Seashore photos
2013-11-05 14:12 - 2013-11-05 10:41 - 00012581 _____ C:\Users\Clayza\Documents\Samping Data.xlsx
2013-11-01 16:36 - 2013-11-01 16:36 - 00000000 ____D C:\Users\Clayza\Downloads\River Monsters HD Complete with Specials
2013-11-01 16:27 - 2013-11-01 16:27 - 00000833 _____ C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-31 11:36 - 2012-01-18 01:21 - 00000000 ____D C:\ProgramData\McAfee
2013-10-30 22:26 - 2010-11-20 23:47 - 00054592 _____ C:\windows\PFRO.log
2013-10-30 22:26 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA(155).DAT
2013-10-28 20:34 - 2013-10-28 20:34 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iTunes
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files\iPod
2013-10-28 20:34 - 2013-10-28 20:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-26 17:24 - 2013-10-26 17:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-26 17:23 - 2013-10-26 17:23 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-26 17:23 - 2013-10-26 17:23 - 00000000 ____D C:\ProgramData\Skype
2013-10-26 17:16 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Systweak
2013-10-26 17:11 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\AppData\Local\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\Documents\Mobogenie
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 ____D C:\Users\Clayza\AppData\Local\cache
2013-10-26 17:10 - 2013-10-26 17:10 - 00000000 _____ C:\Users\Clayza\daemonprocess.txt
2013-10-26 17:09 - 2013-10-26 17:09 - 00001091 _____ C:\Users\Clayza\Desktop\MyPC Backup.lnk
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-26 17:09 - 2013-10-26 17:09 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\Advanced System Protector
2013-10-26 17:08 - 2013-10-26 17:08 - 00003240 _____ C:\windows\System32\Tasks\UpdaterEX
2013-10-26 17:08 - 2013-10-26 17:08 - 00000391 _____ C:\Users\Clayza\Desktop\FREE Games.url
2013-10-26 17:08 - 2013-10-26 17:08 - 00000000 ____D C:\Users\Clayza\AppData\Roaming\UpdaterEX
2013-10-26 17:05 - 2013-10-26 16:31 - 00003910 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002UA
2013-10-26 17:05 - 2013-10-26 16:31 - 00003542 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1604417505-2367888260-1140177268-1002Core
2013-10-26 16:53 - 2013-10-26 16:53 - 00000000 __SHD C:\found.000
2013-10-26 16:48 - 2009-07-14 01:08 - 00032584 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-26 16:32 - 2013-10-26 16:31 - 00000000 ____D C:\Users\Clayza\AppData\Local\Facebook
2013-10-25 12:17 - 2013-10-25 12:17 - 01403268 _____ C:\Users\Clayza\Downloads\MOvin, CruiZin 2.m4a
2013-10-17 12:50 - 2012-01-18 01:21 - 00000000 ____D C:\Program Files\Common Files\mcafee

Some content of TEMP:
====================
C:\Users\Clayza\AppData\Local\Temp\26791uninstall.exe
C:\Users\Clayza\AppData\Local\Temp\ApnStub.exe
C:\Users\Clayza\AppData\Local\Temp\BackupSetup.exe
C:\Users\Clayza\AppData\Local\Temp\contentDATs.exe
C:\Users\Clayza\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Clayza\AppData\Local\Temp\hasp_windows.dll
C:\Users\Clayza\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Clayza\AppData\Local\Temp\ose00000.exe
C:\Users\Clayza\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Clayza\AppData\Local\Temp\Sqlite3.dll
C:\Users\Clayza\AppData\Local\Temp\utt18DE.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 01:38

==================== End Of Log ============================


  • Download ERUNT

    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

  • Install ERUNT by following the prompts

    (use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

  • Start ERUNT

    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

  • Choose a location for the backup

    (the default location is C:\WINDOWS\ERDNT, which is acceptable).

  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Next,

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
