
Ran Malwarebytes found 5 Trojans, please help!



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

 


FRST.txt logfile:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Darryl (administrator) on DARRYL-PC on 30-10-2014 09:23:29
Running from C:\Users\Darryl\Downloads
Loaded Profile: Darryl (Available profiles: Darryl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: "https://www.google.com/search?newwindow=1&q=healthcare+administration+masters+online+programs&oq=healthcare+administration+masters+online&gs_l=serp.1.1.0i67j0j0i22i30l6j0i22i10i30j0i22i30.103639.105560.0.107377.7.7.0.0.0.0.173.888.1j6.7.0....0...1c.1.54.serp..0.7.886.pfQS3fzGMS4", "hxxp://www.thebestschools.org/rankings/25-best-online-master-healthcare-administration-degree-programs/", "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=&ie=UTF-8&q=how%20to%20get%20rid%20of%20adchoices", "hxxp://www.xp-vista.com/spyware-removal/adchoices-removal-guide", "chrome://newtab/"
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-25]
CHR Extension: (Google Drive) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-25]
CHR Extension: (McAfee Security Scan+) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-20]
CHR Extension: (Google Search) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-25]
CHR Extension: (RealPlayer Downloader) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-03-31]
CHR Extension: (Gmail) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-25]
CHR HKCU\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Darryl\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-12-14]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-03-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-24] (Conexant Systems, Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 GameGolfWatchService; C:\Program Files (x86)\GAMEGOLF\WindowsService\GameGolfWatchService.exe [15360 2014-04-14] (Windows User) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2012-11-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-12-14] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-01-05] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2013-12-16] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation)
R3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [32344 2010-12-09] (Creative Technology Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-30 09:23 - 2014-10-30 09:30 - 00042007 _____ () C:\Users\Darryl\Downloads\FRST.txt
2014-10-30 09:22 - 2014-10-30 09:24 - 00000000 ____D () C:\FRST
2014-10-30 09:19 - 2014-10-30 09:20 - 02113536 _____ (Farbar) C:\Users\Darryl\Desktop\FRST64.exe
2014-10-30 07:31 - 2014-10-30 07:31 - 00523846 _____ () C:\Users\Darryl\Desktop\Setup.exe
2014-10-29 21:58 - 2014-10-29 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware II
2014-10-29 21:47 - 2014-10-29 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-28 23:13 - 2014-10-28 23:13 - 00008564 _____ () C:\Users\Darryl\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-28 23:13 - 2014-10-28 23:13 - 00004226 _____ () C:\Users\Darryl\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-28 23:13 - 2014-10-28 23:13 - 00000278 _____ () C:\Users\Darryl\Downloads\INSTALL_TOR.URL
2014-10-28 22:57 - 2014-10-28 22:57 - 00008564 _____ () C:\Users\Darryl\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-28 22:57 - 2014-10-28 22:57 - 00004226 _____ () C:\Users\Darryl\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-28 22:57 - 2014-10-28 22:57 - 00000278 _____ () C:\Users\Darryl\Documents\INSTALL_TOR.URL
2014-10-28 22:56 - 2014-10-28 22:56 - 00008564 _____ () C:\Users\Darryl\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-28 22:56 - 2014-10-28 22:56 - 00008564 _____ () C:\Users\Darryl\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-28 22:56 - 2014-10-28 22:56 - 00004226 _____ () C:\Users\Darryl\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-28 22:56 - 2014-10-28 22:56 - 00004226 _____ () C:\Users\Darryl\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-28 22:56 - 2014-10-28 22:56 - 00000278 _____ () C:\Users\Darryl\AppData\Roaming\INSTALL_TOR.URL
2014-10-28 22:56 - 2014-10-28 22:56 - 00000278 _____ () C:\Users\Darryl\AppData\INSTALL_TOR.URL
2014-10-28 22:48 - 2014-10-28 22:48 - 00008564 _____ () C:\Users\Darryl\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-28 22:48 - 2014-10-28 22:48 - 00004226 _____ () C:\Users\Darryl\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-28 22:48 - 2014-10-28 22:48 - 00000278 _____ () C:\Users\Darryl\AppData\Local\INSTALL_TOR.URL
2014-10-28 22:22 - 2014-10-29 21:29 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000
2014-10-28 22:22 - 2014-10-29 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1570973709-1051863692-3564122705-1000
2014-10-28 21:08 - 2014-10-28 21:08 - 00008564 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-28 21:08 - 2014-10-28 21:08 - 00004226 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-28 21:08 - 2014-10-28 21:08 - 00000278 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-28 20:28 - 2014-10-30 09:30 - 00001368 _____ () C:\ProgramData\@system.att
2014-10-28 20:28 - 2014-10-28 20:28 - 14325430 _____ (Google Inc.) C:\Users\Darryl\AppData\Roaming\GoogleUpdate.exe
2014-10-28 20:15 - 2014-10-30 09:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 2050884374.job
2014-10-28 20:15 - 2014-10-30 09:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1192087102.job
2014-10-28 20:15 - 2014-10-28 20:15 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 2050884374
2014-10-28 20:15 - 2014-10-28 20:15 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 1192087102
2014-10-28 20:15 - 2014-10-28 20:15 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Edryohyz
2014-10-28 20:15 - 2014-10-28 20:15 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Basenehu
2014-10-28 20:12 - 2014-10-30 09:26 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-28 20:11 - 2014-10-30 09:30 - 00001104 ____H () C:\ProgramData\@system2.att
2014-10-28 20:11 - 2014-10-28 20:22 - 00001615 _____ () C:\Users\Darryl\AppData\Roaming\687145bb
2014-10-28 20:11 - 2014-10-28 20:22 - 00000023 _____ () C:\Users\Darryl\AppData\Roaming\687145bc
2014-10-28 20:11 - 2014-10-28 20:12 - 20491118 _____ () C:\Users\Darryl\AppData\Roaming\ChromeUpdate.exe
2014-10-28 20:11 - 2014-10-28 20:11 - 00130048 _____ () C:\Users\Darryl\AppData\Roaming\2cf7806.exe
2014-10-28 20:11 - 2014-10-28 20:11 - 00000448 ____H () C:\Users\Darryl\AppData\Roaming\麽鎒駓覜
2014-10-28 20:11 - 2014-10-28 20:11 - 00000000 ___HD () C:\2cf7806
2014-10-28 20:10 - 2014-10-28 20:10 - 00070144 _____ () C:\Users\Darryl\AppData\Roaming\zsnzgkx.dll
2014-10-28 20:10 - 2014-10-28 20:10 - 00004050 _____ () C:\Windows\System32\Tasks\{A8B514D5-DEDA-3DFF-4CF2-C601CF82BDA1}
2014-10-28 20:10 - 2014-10-28 20:10 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-28 20:10 - 2014-10-28 20:10 - 00000000 _____ () C:\Users\Darryl\AppData\Roaming\oqwusw.dll
2014-10-28 00:18 - 2014-10-28 00:18 - 00753880 _____ () C:\Users\Darryl\Downloads\uplayermediaplayer-setup (2).exe
2014-10-28 00:16 - 2014-10-28 00:16 - 00753880 _____ () C:\Users\Darryl\Downloads\uplayermediaplayer-setup (1).exe
2014-10-28 00:14 - 2014-10-28 00:14 - 00753880 _____ () C:\Users\Darryl\Downloads\uplayermediaplayer-setup.exe
2014-10-21 18:01 - 2014-10-21 18:01 - 00022752 _____ () C:\Users\Darryl\Downloads\curt's resume.zip
2014-10-21 16:33 - 2014-10-21 16:34 - 00009040 _____ () C:\Users\Darryl\Downloads\standings
2014-10-21 16:10 - 2014-10-21 16:10 - 00025545 _____ () C:\Users\Darryl\Downloads\KING, DARRYL.htm
2014-10-21 16:10 - 2014-10-21 16:10 - 00025545 _____ () C:\Users\Darryl\Downloads\KING, DARRYL (1).htm
2014-10-16 08:44 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 08:44 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 08:44 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 08:44 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 08:44 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 08:44 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 08:44 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:44 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 08:44 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:44 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:44 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:44 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:44 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:44 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:44 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 08:44 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 08:44 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:44 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:44 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:44 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 08:44 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 08:44 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 08:44 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:44 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 08:44 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 08:44 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 08:44 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 08:44 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:44 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 08:44 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 08:44 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 08:44 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 08:44 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 08:44 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 08:44 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:44 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 08:44 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 08:44 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 08:44 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:44 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:44 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:44 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:44 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 08:44 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 08:44 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 08:44 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 08:44 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 08:44 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:44 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 08:44 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 08:44 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 08:44 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:44 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 08:44 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:44 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 08:44 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:44 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:44 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 08:44 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:44 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 08:44 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 08:44 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 08:44 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 08:44 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 08:44 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 08:44 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 08:44 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 08:44 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 08:43 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 08:43 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 08:43 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 08:43 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 08:43 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 08:43 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 08:43 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 08:43 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 08:43 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 08:43 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 08:43 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 08:42 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 08:42 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 08:42 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 08:42 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 08:42 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 08:42 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 08:42 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 08:42 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 08:42 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 08:42 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 08:42 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 08:42 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 08:42 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-09 23:42 - 2014-10-09 23:42 - 00000000 ____D () C:\ProgramData\com.gamehouse.acid
2014-10-09 23:41 - 2014-10-09 23:41 - 00002039 _____ () C:\Users\Darryl\Desktop\Vacation Adventures - Cruise Director.lnk
2014-10-09 23:41 - 2014-10-09 23:41 - 00000000 ____D () C:\Users\Darryl\AppData\Local\com.gamehouse.acid
2014-10-09 23:38 - 2014-10-09 23:38 - 00001168 _____ () C:\Users\Darryl\Downloads\concfpln.zip
2014-10-09 23:32 - 2014-10-09 23:32 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\TreeCardGames
2014-10-09 23:30 - 2014-10-09 23:30 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-10-09 23:30 - 2014-10-09 23:30 - 00001039 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-10-09 23:30 - 2014-10-09 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-10-09 23:30 - 2014-10-09 23:30 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-10-09 23:29 - 2014-10-09 23:29 - 07103672 _____ (TreeCardGames ) C:\Users\Darryl\Downloads\123freesolitaire-v100-setup.exe
2014-10-08 20:28 - 2014-10-08 20:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-08 20:27 - 2014-10-08 20:27 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-08 20:27 - 2014-10-08 20:27 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-08 20:27 - 2014-10-08 20:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-08 20:15 - 2014-10-08 20:15 - 00918440 _____ (Oracle Corporation) C:\Users\Darryl\Downloads\jre-7u67-windows-i586-iftw.exe
2014-10-08 20:05 - 2014-10-08 20:07 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-10-06 08:36 - 2014-10-28 22:57 - 00000000 ____D () C:\Users\Darryl\Documents\My Scans
2014-09-30 19:43 - 2014-09-30 19:43 - 00000000 ____D () C:\Users\Darryl\AppData\Local\{FB8B0895-A33D-4337-9A9D-2EC230BEE6F0}
2014-09-30 16:28 - 2014-10-27 13:25 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000
2014-09-30 16:24 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 16:24 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-30 09:26 - 2011-10-06 22:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000UA.job
2014-10-30 09:14 - 2011-10-07 14:36 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Dropbox
2014-10-30 08:50 - 2011-10-15 11:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-30 08:49 - 2012-04-27 08:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 07:50 - 2014-06-19 22:50 - 00006912 _____ () C:\Users\Darryl\Downloads\Re Scott Baxley  AAA.eml
2014-10-30 06:31 - 2013-08-25 10:06 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-30 03:03 - 2011-10-02 16:45 - 01188282 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 23:33 - 2012-03-02 20:35 - 00000000 ____D () C:\Users\Darryl\TTD(2011)
2014-10-29 23:08 - 2012-01-16 01:41 - 00000000 ____D () C:\Users\Darryl\Mystical Island
2014-10-29 22:03 - 2014-09-02 21:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 21:58 - 2014-09-02 21:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 21:58 - 2013-05-28 14:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 21:38 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 21:38 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 21:28 - 2011-10-15 11:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 21:28 - 2011-10-02 15:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-29 21:28 - 2011-10-02 15:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-29 21:28 - 2011-10-02 15:18 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-29 21:27 - 2011-10-07 15:42 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2014-10-29 21:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 21:27 - 2009-07-14 00:51 - 00114760 _____ () C:\Windows\setupact.log
2014-10-28 23:18 - 2014-03-24 17:38 - 00000000 ____D () C:\Users\Darryl\Logitech
2014-10-28 23:17 - 2011-10-07 14:39 - 00000000 ___RD () C:\Users\Darryl\Dropbox
2014-10-28 23:13 - 2014-08-01 21:12 - 00000000 ____D () C:\Users\Darryl\Downloads\Watches 2014
2014-10-28 22:57 - 2014-03-20 10:32 - 00000000 ____D () C:\Users\Darryl\Documents\ScanSnap
2014-10-28 22:57 - 2014-01-07 23:15 - 00000000 ____D () C:\Users\Darryl\Documents\AHIP Courses
2014-10-28 22:56 - 2013-07-18 16:27 - 00000000 ____D () C:\Users\Darryl\Desktop\PDFLuggageTagTool
2014-10-28 22:56 - 2012-11-11 12:04 - 00000000 ____D () C:\Users\Darryl\Desktop\(2) Darryl King_files
2014-10-28 22:56 - 2012-09-13 03:03 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Skype
2014-10-28 22:56 - 2012-08-11 16:28 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\SecondLife
2014-10-28 22:56 - 2011-10-06 15:35 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\ZinioReader4
2014-10-28 22:55 - 2013-10-30 22:04 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Merscom
2014-10-28 22:55 - 2012-01-13 19:41 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Mozilla
2014-10-28 22:55 - 2011-10-30 11:42 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Real
2014-10-28 22:55 - 2011-10-19 07:58 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\PlayFirst
2014-10-28 22:55 - 2011-10-06 17:00 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\PCDr
2014-10-28 22:52 - 2013-05-01 21:44 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\FlvtoConverter
2014-10-28 22:52 - 2013-02-02 02:55 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\DVDVideoSoft
2014-10-28 22:52 - 2011-10-15 20:26 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Apple Computer
2014-10-28 22:52 - 2011-10-07 15:50 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Blio
2014-10-28 22:52 - 2011-10-06 14:08 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Dell
2014-10-28 22:49 - 2011-10-06 15:35 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Adobe
2014-10-28 22:48 - 2012-08-11 16:28 - 00000000 ____D () C:\Users\Darryl\AppData\Local\SecondLife
2014-10-28 22:48 - 2011-10-06 14:32 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Nero
2014-10-28 22:42 - 2012-01-13 19:41 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Mozilla
2014-10-28 22:42 - 2011-10-09 23:12 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Microsoft Games
2014-10-28 22:38 - 2013-01-05 21:05 - 00000000 ____D () C:\Users\Darryl\AppData\Local\iLivid
2014-10-28 21:17 - 2011-10-06 22:05 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Google
2014-10-28 21:10 - 2012-04-09 00:19 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Geckofx
2014-10-28 21:10 - 2012-01-13 19:21 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Babylon
2014-10-28 21:10 - 2011-10-15 20:27 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Apple Computer
2014-10-28 21:10 - 2011-10-06 14:09 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Dell
2014-10-28 21:09 - 2012-01-16 00:45 - 00000000 ____D () C:\Users\Darryl\Airport Control Simulator
2014-10-28 21:08 - 2014-09-22 18:45 - 00000000 ____D () C:\Users\Darryl\.gamegolf
2014-10-28 21:08 - 2014-01-05 15:29 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-10-28 21:08 - 2011-10-30 11:42 - 00000000 ____D () C:\ProgramData\Real
2014-10-28 21:08 - 2011-10-02 15:50 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-28 21:08 - 2011-10-02 15:20 - 00000000 ____D () C:\ProgramData\Skype
2014-10-28 20:19 - 2014-06-12 17:42 - 00000000 ____D () C:\ProgramData\GRETECH
2014-10-28 20:19 - 2012-03-02 20:36 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-28 20:19 - 2011-10-13 22:52 - 00000000 ____D () C:\ProgramData\20 days v1.0
2014-10-28 20:12 - 2009-07-13 19:19 - 00434096 ___SH () C:\ProgramData\b04bh4d248.exe
2014-10-28 19:59 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 17:15 - 2013-05-21 23:08 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-27 16:26 - 2011-10-06 22:05 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000Core.job
2014-10-27 15:31 - 2011-10-07 15:42 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-10-27 13:25 - 2014-09-15 09:59 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1570973709-1051863692-3564122705-1000
2014-10-21 16:21 - 2011-10-06 22:05 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000UA
2014-10-21 16:21 - 2011-10-06 22:05 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000Core
2014-10-20 07:39 - 2009-07-14 01:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 09:45 - 2011-10-15 11:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 09:45 - 2011-10-15 11:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 12:53 - 2014-06-19 00:25 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:37 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 08:34 - 2009-07-14 00:45 - 00469872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:30 - 2014-04-30 02:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 00:43 - 2013-08-18 01:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:43 - 2012-09-06 20:14 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 00:44 - 2011-10-07 12:00 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\SoftGrid Client
2014-10-09 23:42 - 2013-10-30 22:04 - 00000000 ____D () C:\ProgramData\Trymedia
2014-10-09 23:41 - 2013-10-30 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2014-10-09 23:41 - 2013-10-30 22:01 - 00000000 ____D () C:\GameHouse Games
2014-10-08 20:29 - 2014-01-01 22:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-08 20:27 - 2011-10-02 15:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-02 15:53 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-09-02 21:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-09-02 21:39 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-05-28 14:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Files to move or delete:
====================
C:\ProgramData\b04bh4d248.exe
 
 
Some content of TEMP:
====================
C:\Users\Darryl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprmmn2n.dll
C:\Users\Darryl\AppData\Local\Temp\ExPromo.exe
C:\Users\Darryl\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Darryl\AppData\Local\Temp\lowproc.exe
C:\Users\Darryl\AppData\Local\Temp\msavfwcfe.exe
C:\Users\Darryl\AppData\Local\Temp\RstApp.exe
C:\Users\Darryl\AppData\Local\Temp\stubhelper.dll
C:\Users\Darryl\AppData\Local\Temp\stuprt.exe
C:\Users\Darryl\AppData\Local\Temp\UpdateFlashPlayer_0bbe366f.exe
C:\Users\Darryl\AppData\Local\Temp\UpdateFlashPlayer_1ffeb399.exe
C:\Users\Darryl\AppData\Local\Temp\UpdateFlashPlayer_6553c2c9.exe
C:\Users\Darryl\AppData\Local\Temp\UpdateFlashPlayer_7ec9e5ca.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 11:36
 
==================== End Of Log ============================

Addition.txt logfile:

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014

Ran by Darryl at 2014-10-30 09:45:31

Running from C:\Users\Darryl\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

123 Free Solitaire v10.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden

ABBYY FineReader for ScanSnap 4.1 (HKLM-x32\...\{FB410000-0002-0000-0000-074957833700}) (Version: 8.02.650.72522 - ABBYY)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Amazing Adventures The Caribbean Secret (HKLM-x32\...\Amazing Adventures The Caribbean Secret1.0) (Version: 1.0 - AllSmartGames)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION

Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Bar (HKLM-x32\...\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}) (Version: 7.1.391.0 - Microsoft Corporation)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

C6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L50 - PFU)

CardMinder V4.1 (x32 Version: 4.1.50.1 - PFU) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

CLEAR™ WiMAX Tutorial (HKLM-x32\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.0.10 - Intel Corporation)

Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)

Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.16.0 - Conexant)

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)

Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)

Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.13.0 - Synaptics Incorporated)

Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)

Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

DVC5.1 Driver (HKLM-x32\...\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}) (Version:  - )

Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

GAME GOLF Transfer (HKLM-x32\...\{1579E963-0C00-4C3E-B813-692629CA4409}) (Version: 1.0.1.0 - Active Mind Technology)

GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 2.0.0 - Virgin HealthMiles)

Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{E5A24F8D-40E1-45CB-B509-81186D795735}) (Version: 13.0 - HP)

HP Product Detection (HKLM-x32\...\{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}) (Version: 11.10.1000 - HP)

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)

iGolf Sync Plugin (HKLM-x32\...\iGolf Sync Plugin_is1) (Version: 1.0.0.2 - L1 Technologies, Inc.)

iGolfSync (HKLM-x32\...\{318FEC26-0FB9-44EA-8BF5-E0C498C1234F}) (Version: 0.3.3.5 - L1 Technologies, Inc.)

iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2410 - Bandoo Media Inc) <==== ATTENTION

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )

Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)

iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)

IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)

Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.6.443 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 10.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)

mscomctlfix (HKLM-x32\...\{769B6C6E-9DC8-409F-942A-610D31412F8C}) (Version: 1.00.0000 - )

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

Mystery P.I. Series (HKLM-x32\...\{7B687065-88FC-4D0F-B470-4A0DF9D0216A}) (Version: 6.6.6 - LeeGT-Games)

Mystical Island (HKLM-x32\...\{6D7885A8-E47E-423B-8184-47D9556BF6D7}) (Version: 1.0.0 - LeeGT-Games)

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )

Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)

PS_AIO_04_C6300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden

Samsung DVC Media 5.1 (HKLM-x32\...\{158BC6C5-5950-4FDD-BE33-0294668923F2}) (Version:  - )

SaveShare 1.74 (HKLM-x32\...\SP_703c874a) (Version:  - )

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden

ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)

ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L61 - PFU)

ScanSnap Organizer (x32 Version: 4.1.61.1 - PFU LIMITED) Hidden

SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

Shutter Island (HKLM-x32\...\69bad10e52fe4a34fc6470ccf51cf9df) (Version:  - GameHouse)

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)

Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{8B71AEF4-0681-41E7-BFD1-18F18BEF5A5C}) (Version: 6.5 - Silicon Laboratories, Inc.)

Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)

SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

Trainz (HKLM-x32\...\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}) (Version: 1.00.000 - )

TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)

TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

Vacation Adventures - Cruise Director (HKLM-x32\...\b6d0b99be4055da17cd5e74ee99f729e) (Version:  - GameHouse)

VAFPlayer (HKLM-x32\...\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION

Vegas Penny Slots Pack 1 and 2 (HKLM-x32\...\{C3E75445-0AFD-4C2C-A33D-435CC0FA919E}) (Version: 2.2.2 - LeeGT-Games)

Videora iPod Converter 6 (HKLM-x32\...\Videora iPod Converter) (Version: 6 - Red Kawa)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)

WildTangent Games App (Dell Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden

Windows Driver Package - Active Mind Technology, Inc. CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\E91002B840385A60FA24C1EC4DA6C2135D349B06) (Version: 07/12/2013 2.08.30 - Active Mind Technology, Inc.)

Windows Driver Package - Active Mind Technology, Inc. CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\B70EE4609E28DD33B5E744358133498D3D9737B4) (Version: 07/12/2013 2.08.30 - Active Mind Technology, Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

Youtube MP3 Converter IE Plugin 1.0 (remove only) (HKLM-x32\...\YoutubeMP3Converter) (Version:  - )

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Darryl\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1570973709-1051863692-3564122705-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {00F781A4-AA25-4FF3-82A2-67969E366D96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000Core => C:\Users\Darryl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {0E6C649A-1160-43DC-A5BA-B5D449B018A4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)

Task: {17B6FD84-5CE8-4C9E-B1C3-E8FD94312752} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

Task: {2590F13B-A107-48B8-A8B6-6FAAD9D72B9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {2C03C8A3-A013-47C4-9890-288B176FA95B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)

Task: {34E21958-1D52-4D74-941C-C52EF5650309} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {452032EF-A97E-4AD1-87EC-8EEDBA1DDA11} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-12-14] (RealNetworks, Inc.)

Task: {4DD07D67-9BE4-4CC2-8D49-58EEEFC84048} - System32\Tasks\{A8B514D5-DEDA-3DFF-4CF2-C601CF82BDA1} => C:\Users\Darryl\AppData\Roaming\zsnzgkx.dll [2014-10-28] () <==== ATTENTION

Task: {6C00A29A-D494-47A7-8C84-C9EF152212CA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {703FBBCE-D21E-43B6-8948-B7629861C504} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)

Task: {775B3EAB-4AA4-4521-8ABC-7438944B940D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

Task: {78A20782-4394-4B9A-A544-D8024A234E73} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {7A986353-807C-4A5D-B1CF-489F85D3D2D2} - System32\Tasks\Security Center Update - 1192087102 => C:\Users\Darryl\AppData\Roaming\Basenehu\huceym.exe [2012-08-11] () <==== ATTENTION

Task: {7E8C7FF8-323A-420A-927D-4A10150E37E5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe

Task: {A020F43F-D769-4294-84E2-3A71564A09C4} - System32\Tasks\RealCreateProcessScheduledTask79881544S-1-5-21-1570973709-1051863692-3564122705-1000 => c:\program files (x86)\real\realplayer\realplay.exe [2014-01-05] (RealNetworks, Inc.)

Task: {AC819ED6-32DA-4403-91B0-3E9CD18B9A50} - System32\Tasks\Security Center Update - 2050884374 => C:\Users\Darryl\AppData\Roaming\Edryohyz\uwuryf.exe [2013-03-07] () <==== ATTENTION

Task: {C2EC1219-F524-4CF3-89EC-A00B9B84D62D} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe

Task: {D5B2E174-EA22-45D4-B367-4C96880D4941} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-12-14] (RealNetworks, Inc.)

Task: {D9D8F768-C38A-4CB1-BDD1-35B3406DC137} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)

Task: {DAAFDD7D-CC75-461A-85C0-0D620E101AE7} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-12-14] (RealNetworks, Inc.)

Task: {FA18372F-22B7-46DF-9BAB-C2A7341A8E39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000UA => C:\Users\Darryl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000Core.job => C:\Users\Darryl\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570973709-1051863692-3564122705-1000UA.job => C:\Users\Darryl\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1570973709-1051863692-3564122705-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe

Task: C:\Windows\Tasks\Security Center Update - 1192087102.job => C:\Users\Darryl\AppData\Roaming\Basenehu\huceym.exe

Task: C:\Windows\Tasks\Security Center Update - 2050884374.job => C:\Users\Darryl\AppData\Roaming\Edryohyz\uwuryf.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-12-17 14:53 - 2010-12-17 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2013-12-14 16:48 - 2013-12-14 16:48 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2013-12-16 18:44 - 2013-12-16 18:44 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2011-10-02 15:19 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2011-10-09 19:07 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

2012-09-08 03:32 - 2012-09-08 03:32 - 00943504 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll

2011-10-09 10:49 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll

2011-10-02 16:22 - 2011-04-15 14:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-10-02 15:04 - 2010-12-17 11:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

2010-12-17 14:53 - 2010-12-17 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:0F38F234

AlternateDataStreams: C:\ProgramData\Temp:1E17A249

AlternateDataStreams: C:\ProgramData\Temp:409A775B

AlternateDataStreams: C:\ProgramData\Temp:61F0C8FB

AlternateDataStreams: C:\ProgramData\Temp:678F890D

AlternateDataStreams: C:\ProgramData\Temp:8AA8199A

AlternateDataStreams: C:\ProgramData\Temp:B84EF836

AlternateDataStreams: C:\ProgramData\Temp:C9CDDE5E

AlternateDataStreams: C:\ProgramData\Temp:DFC3B090

AlternateDataStreams: C:\Users\Darryl\Downloads\Re Scott Baxley  AAA.eml:OECustomProperty

AlternateDataStreams: C:\Users\Darryl\AppData\Roaming\2cf7806.exe:1

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1570973709-1051863692-3564122705-500 - Administrator - Disabled)

Darryl (S-1-5-21-1570973709-1051863692-3564122705-1000 - Administrator - Enabled) => C:\Users\Darryl

Guest (S-1-5-21-1570973709-1051863692-3564122705-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1570973709-1051863692-3564122705-1002 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart C6300 series

Description: Photosmart C6300 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/30/2014 06:52:42 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00007d42

Faulting process id: 0x1e68

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 06:52:42 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00003993

Faulting process id: 0x2264

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 06:11:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00008824

Faulting process id: 0x8f4

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 06:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00007d42

Faulting process id: 0x6e80

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 06:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x0000ec76

Faulting process id: 0x8f4

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 06:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00007d42

Faulting process id: 0x12cc

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 05:12:10 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x0000881b

Faulting process id: 0x1670

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 03:19:17 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00007d42

Faulting process id: 0x3d24

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 01:28:03 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x0001494e

Faulting process id: 0x1820

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (10/30/2014 01:22:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b

Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0

Exception code: 0xc0000005

Fault offset: 0x00976af5

Faulting process id: 0x1c7c

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

 

System errors:

=============

Error: (10/30/2014 06:04:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

 

Error: (10/30/2014 01:11:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee McShield service failed to start due to the following error: 

%%1053

 

Error: (10/30/2014 01:11:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.

 

Error: (10/30/2014 01:10:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

 

Error: (10/29/2014 11:06:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.

 

Error: (10/29/2014 11:05:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sftlist service.

 

Error: (10/29/2014 09:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 

%%1053

 

Error: (10/29/2014 09:52:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

 

Error: (10/29/2014 09:38:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

 

Error: (10/29/2014 09:35:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

 

Microsoft Office Sessions:

=========================

Error: (10/30/2014 06:52:42 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c000000500007d421e6801cff3e14f22b526C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dllded2442f-6022-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 06:52:42 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c000000500003993226401cff42da2701598C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dllde79c2a3-6022-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 06:11:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c0000005000088248f401cff3e14ecd039dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll19138800-601d-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 06:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c000000500007d426e8001cff4162b19715bC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll61205e09-601c-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 06:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c00000050000ec768f401cff3e14ecd039dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll4231f9e7-601c-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 06:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c000000500007d4212cc01cff3e1437e2c2eC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll421326d4-601c-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 05:12:10 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c00000050000881b167001cff3e13d8f7e3fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dlld37a8ccd-6014-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 03:19:17 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c000000500007d423d2401cff4049c789e6dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll0d5cb125-6005-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 01:28:03 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c00000050001494e182001cff3e146b38dfdC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll846f408a-5ff5-11e4-bdb6-848f69aec2b9

 

Error: (10/30/2014 01:22:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b0c000000500976af51c7c01cff3e1425bc44dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dllccd22716-5ff4-11e4-bdb6-848f69aec2b9

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-17 09:20:12.025

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 04:00:51.337

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 04:00:51.337

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 03:59:19.937

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-13 04:14:33.000

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-13 04:14:33.000

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-13 04:13:49.522

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-07-11 09:33:19.624

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-07-11 09:33:19.621

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-07-11 09:32:16.486

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 85%

Total physical RAM: 6030.99 MB

Available physical RAM: 882.02 MB

Total Pagefile: 13277.7 MB

Available Pagefile: 1686.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:10.38 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 07F2837E)

Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)

Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=576.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Your machine is very heavily compromised. I also see some signs of ransomware... I don't know how much we will be able to do here.



Backdoor warning!

Unfortunately your machine seems to be heavily compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:

  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would also be wise to inform financial institutions about your situation - see here.

Many experts believe that the best action would be to reformat and reinstall, but I think that we can still clean this one and return it to its normal functionality (with no security guarantee afterwards, as this is a very severe type of infection).

  • If you would rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, please just proceed with the next steps as directed.

I believe that we can kill this nasty bad guy


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (also located on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!



Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the tool collects the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.

Please include that in your next reply.


  • 3 weeks later...
Guest
This topic is now closed to further replies.