Need Assistance Removing Malware


Kybone
Hello,

 

I have read the tutorial topic and have completed the first couple of steps. Prior to this, I ran several different anti-malware programs, including your own MalwareBytes. I want to ensure that the PC is safe and am creating this post. I will post the contents of each .txt file below:

...

 

Results of FRST.txt:

...

...

...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Kyle (administrator) on KYLE-PC on 22-12-2014 15:19:04
Running from C:\Users\Kyle\Desktop
Loaded Profile: Kyle (Available profiles: Kyle & Mcx1)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-21] (Synaptics, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2129488 2009-05-14] (Dell Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {2f98be92-72af-11e1-982e-00242cb6dcbc} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {38629b9c-0097-11e2-a0df-002219edf4b9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {5bbd1d38-f8ff-11e0-bb98-00242cb6dcbc} - F:\WIN\setup.exe
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {9c8639af-474f-11e4-9624-002219edf4b9} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {9c8639b8-474f-11e4-9624-02292b040e03} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {afbe7e5a-1c9f-11e4-acc9-002219edf4b9} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\rh2w6skl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: electronicarts.com/GameFacePlugin -> C:\Users\Kyle\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\rh2w6skl.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyle\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyle\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Extension: ArcadeWeb - C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2012-07-20]
FF Extension: RotoGrinders FanDuel Helper - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\rh2w6skl.default\Extensions\jid1-MB0lti0EYRDOmA@jetpack.xpi [2014-11-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-08-13]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.theintentionallife.com/
CHR StartupUrls: Default -> "hxxp://feed.snap.do/?publisher=Tightrope&dpid=Tightrope&co=US&userid=21674078-52f2-4099-8a5b-73a663c92fcc&searchtype=hp", "hxxp://www.bing.com/?pc=U155"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Gliffy Diagrams) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-08-05]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-02-13]
CHR Extension: (Gmail Offline) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-01-29]
CHR Extension: (Google Calendar) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-01-29]
CHR Extension: (RotoGrinders FanDuel Helper) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felhhccenjfgepphdanniaeclbjhklca [2014-11-18]
CHR Extension: (PicMonkey) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-01-29]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2013-01-30]
CHR Extension: (Grey Minimalist) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibnimblojplfbdgeebipbioedefogoi [2014-12-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-11-04]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2013-01-29]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-11-18]
CHR Extension: (Save to Pulse) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnghiiajfangdaolekmphkaohhcnklj [2013-01-29]
CHR Extension: (Pocket Website) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2013-02-03]
CHR Extension: (Klout) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2014-11-18]
CHR Extension: (Silver Bird Plus (Twitter Client)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee [2014-11-18]
CHR Extension: (Evernote Web) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-01-29]
CHR Extension: (Google Maps) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-29]
CHR Extension: (RotoGrinders Basketball Reference) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mklaikjfchdedoaemannepoofcpgbfbn [2014-11-20]
CHR Extension: (Save to Pocket) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-01-29]
CHR Extension: (MuteTab) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2013-03-18]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [olbeblfeajodfbigdebdgojjdonaikac] - C:\Users\Kyle\AppData\Local\TidyNetwork.com\tidy.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 0278061418957423mcinstcleanup; C:\Windows\TEMP\027806~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1454080 2009-02-11] (Intel® Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [306688 2009-02-11] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [825856 2009-02-11] (Intel® Corporation) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [308592 2010-09-13] (Sierra Wireless, Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X]
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
S4 nidevldu; %SystemRoot%\SysWOW64\nipalsm.exe [X]
S3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [X]
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]
S4 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 dmodusb; C:\Windows\System32\DRIVERS\dmodusb.sys [32768 2008-12-16] (Windows ® Codename Longhorn DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 MUXMP; C:\Windows\System32\DRIVERS\mux.sys [36400 2009-02-09] (Intel© Corporation)
S3 MUXP; C:\Windows\System32\DRIVERS\mux.sys [36400 2009-02-09] (Intel© Corporation)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [240640 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-21] (Sierra Wireless Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-06-21] (Jungo)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\Kyle\AppData\Local\Temp\mfe_rr.sys [X]
S3 niraptrkw; system32\DRIVERS\niraptrkw.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:19 - 2014-12-22 15:19 - 00025133 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-12-22 15:18 - 2014-12-22 15:19 - 00000000 ____D () C:\FRST
2014-12-22 15:16 - 2014-12-22 15:16 - 02122240 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2014-12-22 15:10 - 2014-12-22 15:10 - 00852505 _____ () C:\Users\Kyle\Desktop\SecurityCheck.exe
2014-12-22 15:08 - 2014-12-22 15:08 - 13087456 _____ (Microsoft Corporation) C:\Users\Kyle\Downloads\Silverlight_x64.exe
2014-12-22 15:03 - 2014-12-22 15:03 - 00001742 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-12-22 15:03 - 2014-12-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2014-12-22 15:02 - 2014-12-22 15:03 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-12-22 15:01 - 2014-12-22 15:02 - 25950542 _____ () C:\Users\Kyle\Desktop\SeaMonkey Setup 2.25.exe
2014-12-22 13:01 - 2014-12-22 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-22 12:59 - 2014-12-22 14:06 - 00000000 ____D () C:\Users\Kyle\Desktop\mbar
2014-12-22 12:58 - 2014-12-22 12:58 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Kyle\Desktop\mbar-1.08.2.1001.exe
2014-12-22 12:56 - 2014-12-22 12:56 - 00000310 _____ () C:\Users\Kyle\Desktop\RootkitRemover_20141222_125621.log
2014-12-22 12:55 - 2014-12-22 12:56 - 00000206 _____ () C:\Users\Kyle\Desktop\RootkitRemover_20141222_125559.log
2014-12-22 12:55 - 2014-12-22 12:55 - 00783120 _____ (McAfee, Inc.) C:\Users\Kyle\Desktop\rootkitremover.exe
2014-12-22 12:31 - 2014-12-22 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-22 12:01 - 2014-12-22 12:01 - 00001353 _____ () C:\Users\Public\Desktop\WinZip System Utilities Suite.lnk
2014-12-22 12:01 - 2014-12-22 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip System Utilities Suite
2014-12-22 12:00 - 2014-12-22 12:01 - 00000000 ____D () C:\Program Files (x86)\WinZip System Utilities Suite
2014-12-22 12:00 - 2014-12-22 12:00 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 11:59 - 2014-12-22 11:59 - 14339216 _____ (WinZip ) C:\Users\Kyle\Desktop\wzsus18.exe
2014-12-22 11:53 - 2014-12-22 11:53 - 00003370 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-12-21 19:05 - 2014-12-21 19:05 - 00000721 _____ () C:\Users\Kyle\Desktop\FreeFixer.lnk
2014-12-20 11:52 - 2014-12-20 11:52 - 00000000 _____ () C:\Windows\Minidump\Mini122014-02.dmp
2014-12-20 02:49 - 2014-12-20 02:49 - 00283080 _____ () C:\Windows\Minidump\Mini122014-01.dmp
2014-12-19 13:39 - 2014-12-19 13:39 - 00012827 _____ () C:\scan12-19-14.txt
2014-12-19 13:08 - 2014-12-22 13:01 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 13:08 - 2014-12-22 12:59 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 13:08 - 2014-12-19 13:08 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 13:08 - 2014-12-19 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 13:08 - 2014-12-19 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 13:08 - 2014-12-19 13:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 13:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 13:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 17:00 - 2014-12-18 17:00 - 00450621 _____ () C:\Users\Kyle\Desktop\errorlog.xml
2014-12-18 16:52 - 2014-12-18 16:52 - 00159578 _____ () C:\Users\Kyle\Desktop\JavaRa-2.6.zip
2014-12-18 15:41 - 2014-12-18 15:41 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Rainmaker_Software_Group_
2014-12-18 15:40 - 2014-12-22 11:56 - 00000000 ____D () C:\Users\Kyle\Documents\ProPCCleaner
2014-12-18 15:40 - 2014-12-18 16:53 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-12-18 15:40 - 2014-12-18 15:40 - 00000912 _____ () C:\Users\Public\Desktop\Pro PC Cleaner.lnk
2014-12-18 15:40 - 2014-12-18 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-12-18 15:40 - 2014-12-18 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2014-12-18 15:40 - 2014-12-18 15:40 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2014-12-18 15:39 - 2014-12-18 15:40 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-12-18 15:39 - 2014-12-18 15:39 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Rainmaker Software Group LLC.
2014-12-18 15:06 - 2010-03-08 04:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2014-12-18 12:34 - 2014-12-18 17:11 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\FreeFixer
2014-12-18 12:34 - 2014-12-18 12:58 - 00000000 ____D () C:\Users\Kyle\AppData\Local\FreeFixer
2014-12-18 12:34 - 2014-12-18 12:34 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-12-18 12:34 - 2014-12-18 12:34 - 00000000 ____D () C:\Program Files\FreeFixer
2014-12-18 10:41 - 2014-12-18 10:41 - 00000000 _____ () C:\Windows\Minidump\Mini121814-01.dmp
2014-12-09 03:22 - 2014-12-09 03:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 13:46 - 2014-12-22 14:47 - 00000000 ____D () C:\Users\Kyle\Desktop\BusinessJ
2014-11-29 16:41 - 2014-11-29 16:46 - 00275368 _____ () C:\Windows\Minidump\Mini112914-01.dmp
2014-11-27 00:52 - 2014-12-18 17:40 - 00000000 ____D () C:\Users\Kyle\Desktop\Fantasy Football
2014-11-26 20:55 - 2014-11-26 21:07 - 345355680 _____ () C:\Users\Kyle\Desktop\Me, Myself, and Us.zip
2014-11-24 13:16 - 2014-12-02 17:38 - 00789339 ____H () C:\Users\Kyle\Desktop\~WRL2334.tmp
2014-11-24 13:14 - 2014-12-10 17:30 - 00002039 _____ () C:\Users\Kyle\Desktop\Google Chrome.lnk
2014-11-24 13:11 - 2014-12-13 03:06 - 00000000 ____D () C:\Users\Kyle\Desktop\Misc. Docs
2014-11-24 13:10 - 2014-12-21 19:06 - 00000000 ____D () C:\Users\Kyle\Desktop\PHOTOS
2014-11-24 13:09 - 2014-11-24 16:03 - 00000000 ____D () C:\Users\Kyle\Documents\My Kindle Content
2014-11-24 13:08 - 2014-11-24 13:08 - 00002015 _____ () C:\Users\Kyle\Desktop\Kindle.lnk
2014-11-24 13:08 - 2014-11-24 13:08 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-11-24 13:07 - 2014-11-24 13:08 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Amazon
2014-11-23 14:46 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:03 - 2011-09-25 15:26 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Mozilla
2014-12-22 15:03 - 2011-09-25 15:26 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Mozilla
2014-12-22 14:53 - 2012-09-03 18:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 14:46 - 2011-08-11 05:32 - 01501798 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 14:10 - 2006-11-02 09:22 - 00004016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 14:10 - 2006-11-02 09:22 - 00004016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 12:15 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 12:07 - 2006-11-02 09:42 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 11:50 - 2012-03-22 10:22 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Google
2014-12-22 11:36 - 2013-04-02 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-20 13:04 - 2012-12-17 15:38 - 00000000 ____D () C:\Users\Mcx1
2014-12-20 13:03 - 2012-12-17 15:38 - 00000000 ____D () C:\Users\Mcx1\AppData\Roaming\Macromedia
2014-12-20 11:52 - 2011-09-20 19:47 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 11:51 - 2011-09-20 19:47 - 506371976 _____ () C:\Windows\MEMORY.DMP
2014-12-20 11:51 - 2008-01-20 21:26 - 00421854 _____ () C:\Windows\PFRO.log
2014-12-20 02:49 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\system
2014-12-20 01:28 - 2014-04-08 19:33 - 00000000 ____D () C:\Program Files (x86)\MacroRecorder
2014-12-20 00:57 - 2012-10-23 21:39 - 00000000 ____D () C:\Program Files (x86)\Red Sky
2014-12-20 00:55 - 2012-10-04 16:17 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 22:53 - 2012-10-08 00:41 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Spotify
2014-12-19 22:53 - 2012-10-08 00:41 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Spotify
2014-12-19 22:48 - 2006-11-02 06:46 - 00755906 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 13:55 - 2011-09-07 02:46 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-12-19 13:39 - 2012-08-31 08:00 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2014-12-19 13:39 - 2011-09-07 02:22 - 00000000 ____D () C:\Program Files (x86)\YTDSETUP
2014-12-18 17:29 - 2012-01-31 09:14 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-12-18 17:21 - 2011-09-06 23:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-18 17:08 - 2012-03-18 17:08 - 00000000 ____D () C:\Program Files\National Instruments
2014-12-18 17:03 - 2011-09-07 02:46 - 00002600 _____ () C:\Windows\System32\Tasks\GlaryInitialize
2014-12-18 16:01 - 2012-09-03 18:47 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-18 15:48 - 2012-08-16 13:55 - 00000000 ____D () C:\Users\Kyle\Documents\Audible
2014-12-18 15:48 - 2012-03-20 08:50 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-18 15:32 - 2012-05-22 14:55 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Samsung
2014-12-18 15:32 - 2012-03-20 08:49 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-18 15:32 - 2011-08-11 11:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 15:25 - 2014-05-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2014-12-18 15:25 - 2006-11-02 09:07 - 00000000 ____D () C:\Windows\ShellNew
2014-12-18 15:06 - 2014-02-23 23:57 - 00000000 ____D () C:\Program Files (x86)\Unified Remote
2014-12-18 11:42 - 2012-11-13 20:55 - 00000000 ____D () C:\AllShare Play
2014-12-14 11:00 - 2012-08-31 08:01 - 00000000 ____D () C:\Users\Kyle\.frostwire5
2014-12-11 12:59 - 2012-11-07 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 23:53 - 2012-06-13 23:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 23:53 - 2011-08-11 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-04 14:10 - 2013-01-29 11:52 - 00000000 ____D () C:\Program Files (x86)\DMC Devi May Cry
2014-11-29 17:16 - 2011-08-13 13:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-29 17:16 - 2011-08-13 13:08 - 00000000 ____D () C:\ProgramData\McAfee

Files to move or delete:
====================
C:\Users\Kyle\jagex_cl_runescape_LIVE.dat
C:\Users\Kyle\random.dat


Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\3u1uhiut.dll
C:\Users\Kyle\AppData\Local\Temp\4474uninstall.exe
C:\Users\Kyle\AppData\Local\Temp\avg_12.1.0.20.exe
C:\Users\Kyle\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Kyle\AppData\Local\Temp\bitool.dll
C:\Users\Kyle\AppData\Local\Temp\chutil.dll
C:\Users\Kyle\AppData\Local\Temp\contentDATs.exe
C:\Users\Kyle\AppData\Local\Temp\DivXSetup.exe
C:\Users\Kyle\AppData\Local\Temp\dpinst.exe
C:\Users\Kyle\AppData\Local\Temp\GUR189E.exe
C:\Users\Kyle\AppData\Local\Temp\GUR713.exe
C:\Users\Kyle\AppData\Local\Temp\installhelper.dll
C:\Users\Kyle\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Kyle\AppData\Local\Temp\mssinstaller.exe
C:\Users\Kyle\AppData\Local\Temp\NEW4B94.tmp.exe
C:\Users\Kyle\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Kyle\AppData\Local\Temp\Setup.exe
C:\Users\Kyle\AppData\Local\Temp\SetupDataMngr_BearShare.exe
C:\Users\Kyle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kyle\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Kyle\AppData\Local\Temp\sqlite3.dll
C:\Users\Kyle\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Kyle\AppData\Local\Temp\uninst1.exe
C:\Users\Kyle\AppData\Local\Temp\winzip1664_2_wrapped.exe
C:\Users\Kyle\AppData\Local\Temp\_ISDel.exe
C:\Users\Kyle\AppData\Local\Temp\_Setup.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 12:23

==================== End Of Log ============================

...

...

...

Results of Addition.txt:

...

...

...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Kyle at 2014-12-22 15:19:52
Running from C:\Users\Kyle\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Amazon Kindle) (Version:  - Amazon)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0625.1811 - )
AWR Design Environment 10 (10.08.6146.1) (HKLM-x32\...\{6E827727-66FC-4113-8EC7-AE273C407FFE}) (Version: 10.08.6146.1 - AWR Corporation)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Crystal XI (HKLM-x32\...\{0B9E27C7-9ECD-4362-B311-030EA48F8E72}) (Version: 1.0.0.0 - Cadence Design Systems, Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 12.0.1.0 - Synaptics)
Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.191 - Digilent, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Dropbox) (Version: 1.6.10 - Dropbox, Inc.)
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.5.3.0 - Electronic Arts)
EAGLE 6.3.0 (HKLM-x32\...\EAGLE 6.3.0) (Version: 6.3.0 - CadSoft Computer GmbH)
Elsie (HKLM\...\Elsie) (Version: 2.51 - Tonne Software)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX125 NX127 Series Printer Uninstall (HKLM\...\EPSON NX125 NX127 Series) (Version:  - SEIKO EPSON Corporation)
EPSON NX330 Series Printer Uninstall (HKLM\...\EPSON NX330 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Filter Design 4.5 (HKLM-x32\...\Filter Design 4.5_is1) (Version: 4.5 - Almost All Digital Electronics)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
FrostWire 5.5.2 (HKLM-x32\...\FrostWire 5) (Version: 5.5.2.0 - FrostWire Team)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Glary Utilities 2.37.0.1260 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.37.0.1260 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{09A84D86-C709-4825-9548-ACF4838D478D}) (Version: 12.03.2000 - Intel® Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Macro Recorder 5.7.4 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.4 - Jitbit Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Mathcad Prime 2.0 (HKLM\...\{CC0987FE-EC76-41E0-AD67-BCD9E4E27C4F}) (Version: 2.0.1 - PTC)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.1.121.2 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Micro-Cap 10 Evaluation (HKLM-x32\...\{D9EB0916-F277-4C54-830A-772833FD20A4}) (Version: 10 - Spectrum Software)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.0.7031 - ooVoo LLC.)
PowerWorld Viewer 17 (HKLM-x32\...\PowerWorld Viewer 17) (Version: 17 - PowerWorld Corporation)
PowerWorld Viewer 17 (x32 Version: 17 - PowerWorld Corporation) Hidden
Pro PC Cleaner (HKLM-x32\...\{23497AFC-382C-417E-AC1F-42D98A5A8ADA}) (Version: 2.5.6 - Rainmaker Software Group LLC.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PTC Quality Agent (HKLM-x32\...\{DE75B409-8D86-4574-944D-3B5E25D87B30}) (Version: 2.0.0.0 - PTC)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.19 - Dell Inc.)
Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic)
Release OrCAD 16.2 (HKLM-x32\...\{B4D762E1-F7EA-4BC0-8BDC-6D1A0B26E1B8}) (Version: 16.20.000 - Cadence Design Systems)
SeaMonkey 2.25 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.25 (x86 en-US)) (Version: 2.25 - Mozilla)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Unified Remote (HKLM-x32\...\{4B5145F0-CB82-481B-9DC2-98BBF2F8422A}) (Version: 2.12.3.0 - Unified Remote)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WIDCOMM Bluetooth Software 6.2.0.6600 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.6600 - Dell)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip System Utilities Suite (HKLM-x32\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{03414828-B9D7-4BAF-A97F-7A6832D49789}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\capture\capture.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{13DE601A-1D12-4F8D-B6D1-C30E1496B080}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{1E419009-24AF-4293-8888-0726CEB648F0}\localserver32 -> "C:\OrCAD\OrCAD_16.5_Lite\tools\capture\capture.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{252D0466-A10A-4322-9388-6675F2A6D226}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\simmgr.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{40EC1D13-6258-4662-B67A-153C2908A1EC}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{49EB02B2-3B95-4B76-BE19-142F7CC213D4}\localserver32 -> "C:\OrCAD\OrCAD_16.5_Lite\tools\capture\capture.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{541EDDF8-0F13-458E-B9D2-4EFDD8ADCFE4}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{6263B659-CF6C-48E3-8E6B-5A37D01210B5}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{645339ED-6191-4DF3-A5C9-4E7E1197E7E3}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{7FB299D2-3E5B-4CA4-BF5B-A4F73F2D04FF}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\simmgr.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{82147478-24B8-4E26-B914-016029399877}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{8DBEA709-F81F-4C63-B27D-099170CA0256}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspiceaa.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{9DD25B5A-C78F-47AE-B668-E3847747B705}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{AD826886-B4F0-409C-BBCF-4B4BEB87E084}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspiceaa.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{BCAFBEB2-3C89-491C-B4B3-9F68CA830373}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{CFEE7488-96F9-4DE6-90BE-5FFFEA69482A}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{DF02C767-28B4-49A8-8F41-15D9C6C7FAB4}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{EAE7C724-F767-4BAA-A434-DB43D8FDF5A5}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspiceaa.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\capture\capture.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{F2293905-23C4-40A1-8E79-6457930A76B9}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{F4F37D00-47DF-4C2B-B88F-26E2A0BF0DCD}\localserver32 -> "C:\OrCAD\OrCAD_16.5_Lite\tools\capture\capture.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

22-12-2014 14:02:18 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21681534-FA49-441C-8EF7-5A23E15E5235} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {84A878F9-BD91-40EC-8D57-13575935ABD8} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-08-30] (Glarysoft Ltd)
Task: {9110A913-9639-43BA-A1B2-B268E8868A76} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-10-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

==================== Loaded Modules (whitelisted) =============

2007-09-06 08:27 - 2007-09-06 08:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-12-22 15:03 - 2014-03-18 20:23 - 03323904 _____ () C:\Program Files (x86)\SeaMonkey\mozjs.dll
2014-12-22 15:03 - 2014-03-18 22:09 - 00150528 _____ () C:\Program Files (x86)\SeaMonkey\NSLDAP32V60.dll
2014-12-22 15:03 - 2014-03-18 22:09 - 00014848 _____ () C:\Program Files (x86)\SeaMonkey\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk => C:\Windows\pss\NI Error Reporting.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
MSCONFIG\startupreg: NI Update Service => "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
MSCONFIG\startupreg: NIRegistrationWizard => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2030912811-2242992003-1410454293-500 - Administrator - Disabled)
Guest (S-1-5-21-2030912811-2242992003-1410454293-501 - Limited - Disabled)
Kybone (S-1-5-21-2030912811-2242992003-1410454293-1003 - Limited - Enabled)
Kyle (S-1-5-21-2030912811-2242992003-1410454293-1000 - Administrator - Enabled) => C:\Users\Kyle
Mcx1 (S-1-5-21-2030912811-2242992003-1410454293-1002 - Administrator - Enabled) => C:\Users\Mcx1

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Intel® WiFi Link 5300 AGN
Description: Intel® WiFi Link 5300 AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw5v64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 4059.94 MB
Available physical RAM: 2136.79 MB
Total Pagefile: 8295.16 MB
Available Pagefile: 6351.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.63 GB) (Free:173.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=133 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

...

...

...

 

 

Please let me know what to do from here.

Thank you,

Kyle

 

 

 

 

 


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
Please describe your problem.


Hi TwinHeadedEagle,

 

My problem is that I have been experiencing a variety of issues with my PC. Namely, the operation speed has been drastically slower than what it used to be, and I have let this slide for the past several months. In addition to that, I have become suspicious that my internet browsers, namely Firefox, have some sort of infection. I'll notice several websites listed as it's loading my desired webpage, and have researched to find that it is indeed some sort of malware/phishing.

 

I have run several virus/malware removals during the past couple of days, and it seems to have helped some.

 

Could you please walk me through any additional checks I should do?


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Hi TwinHeadedEagle,

 

Thanks for the reply. I have now run the Farbar Recovery Scan Tool for a third time, and have included the results below.

 

Here are the contents of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Kyle (administrator) on KYLE-PC on 23-12-2014 09:57:31
Running from C:\Users\Kyle\Desktop
Loaded Profile: Kyle (Available profiles: Kyle & Mcx1)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-21] (Synaptics, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2129488 2009-05-14] (Dell Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {2f98be92-72af-11e1-982e-00242cb6dcbc} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {38629b9c-0097-11e2-a0df-002219edf4b9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {5bbd1d38-f8ff-11e0-bb98-00242cb6dcbc} - F:\WIN\setup.exe
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {9c8639af-474f-11e4-9624-002219edf4b9} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {9c8639b8-474f-11e4-9624-02292b040e03} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\MountPoints2: {afbe7e5a-1c9f-11e4-acc9-002219edf4b9} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\rh2w6skl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2030912811-2242992003-1410454293-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\rh2w6skl.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyle\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyle\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Extension: ArcadeWeb - C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2012-07-20]
FF Extension: RotoGrinders FanDuel Helper - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\rh2w6skl.default\Extensions\jid1-MB0lti0EYRDOmA@jetpack.xpi [2014-11-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-08-13]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [olbeblfeajodfbigdebdgojjdonaikac] - C:\Users\Kyle\AppData\Local\TidyNetwork.com\tidy.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 0278061418957423mcinstcleanup; C:\Windows\TEMP\027806~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1454080 2009-02-11] (Intel® Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [306688 2009-02-11] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [825856 2009-02-11] (Intel® Corporation) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [308592 2010-09-13] (Sierra Wireless, Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X]
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
S4 nidevldu; %SystemRoot%\SysWOW64\nipalsm.exe [X]
S3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [X]
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 dmodusb; C:\Windows\System32\DRIVERS\dmodusb.sys [32768 2008-12-16] (Windows ® Codename Longhorn DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 MUXMP; C:\Windows\System32\DRIVERS\mux.sys [36400 2009-02-09] (Intel© Corporation)
S3 MUXP; C:\Windows\System32\DRIVERS\mux.sys [36400 2009-02-09] (Intel© Corporation)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [240640 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-21] (Sierra Wireless Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-06-21] (Jungo)
S0 75912737; system32\drivers\49607679.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\Kyle\AppData\Local\Temp\mfe_rr.sys [X]
S3 niraptrkw; system32\DRIVERS\niraptrkw.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 09:31 - 2014-12-23 09:31 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-22 22:04 - 2014-12-22 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-22 16:17 - 2014-12-22 16:17 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\tdsskiller.exe
2014-12-22 15:43 - 2014-12-22 15:46 - 00009216 _____ () C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-22 15:19 - 2014-12-23 09:57 - 00020445 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-12-22 15:19 - 2014-12-23 09:50 - 00027424 _____ () C:\Users\Kyle\Desktop\Addition.txt
2014-12-22 15:18 - 2014-12-23 09:57 - 00000000 ____D () C:\FRST
2014-12-22 15:16 - 2014-12-22 15:16 - 02122240 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2014-12-22 15:10 - 2014-12-22 15:10 - 00852505 _____ () C:\Users\Kyle\Desktop\SecurityCheck.exe
2014-12-22 15:03 - 2014-12-22 15:03 - 00001742 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-12-22 15:03 - 2014-12-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2014-12-22 15:02 - 2014-12-22 15:03 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-12-22 13:01 - 2014-12-22 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-22 12:59 - 2014-12-22 14:06 - 00000000 ____D () C:\Users\Kyle\Desktop\mbar
2014-12-22 12:58 - 2014-12-22 12:58 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Kyle\Desktop\mbar-1.08.2.1001.exe
2014-12-22 12:56 - 2014-12-22 12:56 - 00000310 _____ () C:\Users\Kyle\Desktop\RootkitRemover_20141222_125621.log
2014-12-22 12:55 - 2014-12-22 12:56 - 00000206 _____ () C:\Users\Kyle\Desktop\RootkitRemover_20141222_125559.log
2014-12-22 12:55 - 2014-12-22 12:55 - 00783120 _____ (McAfee, Inc.) C:\Users\Kyle\Desktop\rootkitremover.exe
2014-12-22 12:01 - 2014-12-22 12:01 - 00001353 _____ () C:\Users\Public\Desktop\WinZip System Utilities Suite.lnk
2014-12-22 12:01 - 2014-12-22 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip System Utilities Suite
2014-12-22 12:00 - 2014-12-22 12:01 - 00000000 ____D () C:\Program Files (x86)\WinZip System Utilities Suite
2014-12-22 12:00 - 2014-12-22 12:00 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 11:59 - 2014-12-22 11:59 - 14339216 _____ (WinZip ) C:\Users\Kyle\Desktop\wzsus18.exe
2014-12-22 11:53 - 2014-12-22 11:53 - 00003370 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-12-21 19:05 - 2014-12-21 19:05 - 00000721 _____ () C:\Users\Kyle\Desktop\FreeFixer.lnk
2014-12-20 11:52 - 2014-12-20 11:52 - 00000000 _____ () C:\Windows\Minidump\Mini122014-02.dmp
2014-12-20 02:49 - 2014-12-20 02:49 - 00283080 _____ () C:\Windows\Minidump\Mini122014-01.dmp
2014-12-19 13:39 - 2014-12-19 13:39 - 00012827 _____ () C:\scan12-19-14.txt
2014-12-19 13:08 - 2014-12-22 16:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 13:08 - 2014-12-22 12:59 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 13:08 - 2014-12-19 13:08 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 13:08 - 2014-12-19 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 13:08 - 2014-12-19 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 13:08 - 2014-12-19 13:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 13:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 13:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 17:00 - 2014-12-18 17:00 - 00450621 _____ () C:\Users\Kyle\Desktop\errorlog.xml
2014-12-18 16:52 - 2014-12-18 16:52 - 00159578 _____ () C:\Users\Kyle\Desktop\JavaRa-2.6.zip
2014-12-18 15:41 - 2014-12-18 15:41 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Rainmaker_Software_Group_
2014-12-18 15:40 - 2014-12-22 11:56 - 00000000 ____D () C:\Users\Kyle\Documents\ProPCCleaner
2014-12-18 15:40 - 2014-12-18 16:53 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-12-18 15:40 - 2014-12-18 15:40 - 00000912 _____ () C:\Users\Public\Desktop\Pro PC Cleaner.lnk
2014-12-18 15:40 - 2014-12-18 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-12-18 15:40 - 2014-12-18 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2014-12-18 15:40 - 2014-12-18 15:40 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2014-12-18 15:39 - 2014-12-18 15:40 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-12-18 15:39 - 2014-12-18 15:39 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Rainmaker Software Group LLC.
2014-12-18 15:06 - 2010-03-08 04:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2014-12-18 12:34 - 2014-12-18 17:11 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\FreeFixer
2014-12-18 12:34 - 2014-12-18 12:58 - 00000000 ____D () C:\Users\Kyle\AppData\Local\FreeFixer
2014-12-18 12:34 - 2014-12-18 12:34 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-12-18 12:34 - 2014-12-18 12:34 - 00000000 ____D () C:\Program Files\FreeFixer
2014-12-18 10:41 - 2014-12-18 10:41 - 00000000 _____ () C:\Windows\Minidump\Mini121814-01.dmp
2014-12-09 03:22 - 2014-12-09 03:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 13:46 - 2014-12-22 14:47 - 00000000 ____D () C:\Users\Kyle\Desktop\BusinessJ
2014-11-29 16:41 - 2014-11-29 16:46 - 00275368 _____ () C:\Windows\Minidump\Mini112914-01.dmp
2014-11-27 00:52 - 2014-12-18 17:40 - 00000000 ____D () C:\Users\Kyle\Desktop\Fantasy Football
2014-11-26 20:55 - 2014-11-26 21:07 - 345355680 _____ () C:\Users\Kyle\Desktop\Me, Myself, and Us.zip
2014-11-24 13:16 - 2014-12-02 17:38 - 00789339 ____H () C:\Users\Kyle\Desktop\~WRL2334.tmp
2014-11-24 13:11 - 2014-12-13 03:06 - 00000000 ____D () C:\Users\Kyle\Desktop\Misc. Docs
2014-11-24 13:10 - 2014-12-21 19:06 - 00000000 ____D () C:\Users\Kyle\Desktop\PHOTOS
2014-11-24 13:09 - 2014-11-24 16:03 - 00000000 ____D () C:\Users\Kyle\Documents\My Kindle Content
2014-11-24 13:08 - 2014-11-24 13:08 - 00002015 _____ () C:\Users\Kyle\Desktop\Kindle.lnk
2014-11-24 13:08 - 2014-11-24 13:08 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-11-24 13:07 - 2014-11-24 13:08 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Amazon
2014-11-23 14:46 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 09:53 - 2011-08-11 13:50 - 00000000 ____D () C:\Users\Kyle
2014-12-23 09:52 - 2012-09-03 18:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 09:40 - 2011-08-13 15:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-23 09:37 - 2012-02-03 18:37 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-23 09:37 - 2011-08-18 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-23 09:36 - 2011-08-11 11:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-23 09:35 - 2012-09-16 22:19 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Electronic Arts
2014-12-23 09:34 - 2011-08-18 21:04 - 00000000 ____D () C:\ProgramData\EPSON
2014-12-23 09:10 - 2011-08-11 05:32 - 01506085 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 21:50 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 21:49 - 2011-09-20 19:47 - 00000000 ____D () C:\Windows\Minidump
2014-12-22 21:45 - 2006-11-02 09:22 - 00004016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 21:45 - 2006-11-02 09:22 - 00004016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 21:43 - 2011-09-20 19:47 - 374648048 _____ () C:\Windows\MEMORY.DMP
2014-12-22 21:43 - 2008-01-20 21:26 - 00432940 _____ () C:\Windows\PFRO.log
2014-12-22 21:37 - 2006-11-02 09:42 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 15:03 - 2011-09-25 15:26 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Mozilla
2014-12-22 15:03 - 2011-09-25 15:26 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Mozilla
2014-12-22 11:50 - 2012-03-22 10:22 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Google
2014-12-20 13:04 - 2012-12-17 15:38 - 00000000 ____D () C:\Users\Mcx1
2014-12-20 13:03 - 2012-12-17 15:38 - 00000000 ____D () C:\Users\Mcx1\AppData\Roaming\Macromedia
2014-12-20 02:49 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\system
2014-12-20 01:28 - 2014-04-08 19:33 - 00000000 ____D () C:\Program Files (x86)\MacroRecorder
2014-12-20 00:57 - 2012-10-23 21:39 - 00000000 ____D () C:\Program Files (x86)\Red Sky
2014-12-20 00:55 - 2012-10-04 16:17 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 22:53 - 2012-10-08 00:41 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Spotify
2014-12-19 22:53 - 2012-10-08 00:41 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Spotify
2014-12-19 22:48 - 2006-11-02 06:46 - 00755906 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 13:39 - 2011-09-07 02:22 - 00000000 ____D () C:\Program Files (x86)\YTDSETUP
2014-12-18 17:29 - 2012-01-31 09:14 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-12-18 17:21 - 2011-09-06 23:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-18 17:08 - 2012-03-18 17:08 - 00000000 ____D () C:\Program Files\National Instruments
2014-12-18 16:01 - 2012-09-03 18:47 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-18 15:48 - 2012-08-16 13:55 - 00000000 ____D () C:\Users\Kyle\Documents\Audible
2014-12-18 15:48 - 2012-03-20 08:50 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-18 15:32 - 2012-05-22 14:55 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Samsung
2014-12-18 15:32 - 2012-03-20 08:49 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-18 15:25 - 2014-05-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2014-12-18 15:25 - 2006-11-02 09:07 - 00000000 ____D () C:\Windows\ShellNew
2014-12-18 15:06 - 2014-02-23 23:57 - 00000000 ____D () C:\Program Files (x86)\Unified Remote
2014-12-18 11:42 - 2012-11-13 20:55 - 00000000 ____D () C:\AllShare Play
2014-12-14 11:00 - 2012-08-31 08:01 - 00000000 ____D () C:\Users\Kyle\.frostwire5
2014-12-09 23:53 - 2012-06-13 23:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 23:53 - 2011-08-11 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-04 14:10 - 2013-01-29 11:52 - 00000000 ____D () C:\Program Files (x86)\DMC Devi May Cry
2014-11-29 17:16 - 2011-08-13 13:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-29 17:16 - 2011-08-13 13:08 - 00000000 ____D () C:\ProgramData\McAfee

Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\3u1uhiut.dll
C:\Users\Kyle\AppData\Local\Temp\4474uninstall.exe
C:\Users\Kyle\AppData\Local\Temp\avg_12.1.0.20.exe
C:\Users\Kyle\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Kyle\AppData\Local\Temp\bitool.dll
C:\Users\Kyle\AppData\Local\Temp\chutil.dll
C:\Users\Kyle\AppData\Local\Temp\contentDATs.exe
C:\Users\Kyle\AppData\Local\Temp\DivXSetup.exe
C:\Users\Kyle\AppData\Local\Temp\dpinst.exe
C:\Users\Kyle\AppData\Local\Temp\GUR189E.exe
C:\Users\Kyle\AppData\Local\Temp\GUR713.exe
C:\Users\Kyle\AppData\Local\Temp\installhelper.dll
C:\Users\Kyle\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Kyle\AppData\Local\Temp\mssinstaller.exe
C:\Users\Kyle\AppData\Local\Temp\NEW4B94.tmp.exe
C:\Users\Kyle\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Kyle\AppData\Local\Temp\Setup.exe
C:\Users\Kyle\AppData\Local\Temp\SetupDataMngr_BearShare.exe
C:\Users\Kyle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kyle\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Kyle\AppData\Local\Temp\sqlite3.dll
C:\Users\Kyle\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Kyle\AppData\Local\Temp\uninst1.exe
C:\Users\Kyle\AppData\Local\Temp\winzip1664_2_wrapped.exe
C:\Users\Kyle\AppData\Local\Temp\_ISDel.exe
C:\Users\Kyle\AppData\Local\Temp\_Setup.dll
C:\Users\Kyle\AppData\Local\Temp\{1D35A535-8556-4738-BC61-6A5795AC6207}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 21:58

==================== End Of Log ============================

Here are the contents of Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Kyle at 2014-12-23 09:58:00
Running from C:\Users\Kyle\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Amazon Kindle) (Version:  - Amazon)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0625.1811 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Crystal XI (HKLM-x32\...\{0B9E27C7-9ECD-4362-B311-030EA48F8E72}) (Version: 1.0.0.0 - Cadence Design Systems, Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 12.0.1.0 - Synaptics)
Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.191 - Digilent, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Dropbox) (Version: 1.6.10 - Dropbox, Inc.)
EAGLE 6.3.0 (HKLM-x32\...\EAGLE 6.3.0) (Version: 6.3.0 - CadSoft Computer GmbH)
Elsie (HKLM\...\Elsie) (Version: 2.51 - Tonne Software)
EPSON NX330 Series Printer Uninstall (HKLM\...\EPSON NX330 Series) (Version:  - SEIKO EPSON Corporation)
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Filter Design 4.5 (HKLM-x32\...\Filter Design 4.5_is1) (Version: 4.5 - Almost All Digital Electronics)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{09A84D86-C709-4825-9548-ACF4838D478D}) (Version: 12.03.2000 - Intel® Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Macro Recorder 5.7.4 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.4 - Jitbit Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mathcad Prime 2.0 (HKLM\...\{CC0987FE-EC76-41E0-AD67-BCD9E4E27C4F}) (Version: 2.0.1 - PTC)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.1.121.2 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Micro-Cap 10 Evaluation (HKLM-x32\...\{D9EB0916-F277-4C54-830A-772833FD20A4}) (Version: 10 - Spectrum Software)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.0.7031 - ooVoo LLC.)
PowerWorld Viewer 17 (HKLM-x32\...\PowerWorld Viewer 17) (Version: 17 - PowerWorld Corporation)
PowerWorld Viewer 17 (x32 Version: 17 - PowerWorld Corporation) Hidden
Pro PC Cleaner (HKLM-x32\...\{23497AFC-382C-417E-AC1F-42D98A5A8ADA}) (Version: 2.5.6 - Rainmaker Software Group LLC.)
PTC Quality Agent (HKLM-x32\...\{DE75B409-8D86-4574-944D-3B5E25D87B30}) (Version: 2.0.0.0 - PTC)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.19 - Dell Inc.)
Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic)
Release OrCAD 16.2 (HKLM-x32\...\{B4D762E1-F7EA-4BC0-8BDC-6D1A0B26E1B8}) (Version: 16.20.000 - Cadence Design Systems)
SeaMonkey 2.25 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.25 (x86 en-US)) (Version: 2.25 - Mozilla)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Spotify (HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Unified Remote (HKLM-x32\...\{4B5145F0-CB82-481B-9DC2-98BBF2F8422A}) (Version: 2.12.3.0 - Unified Remote)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WIDCOMM Bluetooth Software 6.2.0.6600 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.6600 - Dell)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip System Utilities Suite (HKLM-x32\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{03414828-B9D7-4BAF-A97F-7A6832D49789}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\capture\capture.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{13DE601A-1D12-4F8D-B6D1-C30E1496B080}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{1E419009-24AF-4293-8888-0726CEB648F0}\localserver32 -> "C:\OrCAD\OrCAD_16.5_Lite\tools\capture\capture.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{252D0466-A10A-4322-9388-6675F2A6D226}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\simmgr.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{40EC1D13-6258-4662-B67A-153C2908A1EC}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{49EB02B2-3B95-4B76-BE19-142F7CC213D4}\localserver32 -> "C:\OrCAD\OrCAD_16.5_Lite\tools\capture\capture.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{541EDDF8-0F13-458E-B9D2-4EFDD8ADCFE4}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{6263B659-CF6C-48E3-8E6B-5A37D01210B5}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{645339ED-6191-4DF3-A5C9-4E7E1197E7E3}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{7FB299D2-3E5B-4CA4-BF5B-A4F73F2D04FF}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\simmgr.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{82147478-24B8-4E26-B914-016029399877}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{8DBEA709-F81F-4C63-B27D-099170CA0256}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspiceaa.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{9DD25B5A-C78F-47AE-B668-E3847747B705}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{AD826886-B4F0-409C-BBCF-4B4BEB87E084}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspiceaa.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{BCAFBEB2-3C89-491C-B4B3-9F68CA830373}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{CFEE7488-96F9-4DE6-90BE-5FFFEA69482A}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{DF02C767-28B4-49A8-8F41-15D9C6C7FAB4}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{EAE7C724-F767-4BAA-A434-DB43D8FDF5A5}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspiceaa.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\capture\capture.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{F2293905-23C4-40A1-8E79-6457930A76B9}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\pspice.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{F4F37D00-47DF-4C2B-B88F-26E2A0BF0DCD}\localserver32 -> "C:\OrCAD\OrCAD_16.5_Lite\tools\capture\capture.exe" No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 -> C:\OrCAD\ORCAD_~1.5_L\tools\PSpice\ModelEd.exe No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2030912811-2242992003-1410454293-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

23-12-2014 09:55:37 Removed Project64 1.6

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21681534-FA49-441C-8EF7-5A23E15E5235} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {9110A913-9639-43BA-A1B2-B268E8868A76} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-10-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2007-09-06 08:27 - 2007-09-06 08:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-12-09 03:22 - 2014-12-09 03:23 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75912737.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75912737.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2030912811-2242992003-1410454293-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk => C:\Windows\pss\NI Error Reporting.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
MSCONFIG\startupreg: NI Update Service => "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
MSCONFIG\startupreg: NIRegistrationWizard => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2030912811-2242992003-1410454293-500 - Administrator - Disabled)
Guest (S-1-5-21-2030912811-2242992003-1410454293-501 - Limited - Disabled)
Kybone (S-1-5-21-2030912811-2242992003-1410454293-1003 - Limited - Enabled)
Kyle (S-1-5-21-2030912811-2242992003-1410454293-1000 - Administrator - Enabled) => C:\Users\Kyle
Mcx1 (S-1-5-21-2030912811-2242992003-1410454293-1002 - Administrator - Enabled) => C:\Users\Mcx1

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Intel® WiFi Link 5300 AGN
Description: Intel® WiFi Link 5300 AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw5v64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 4059.94 MB
Available physical RAM: 1991.69 MB
Total Pagefile: 8295.16 MB
Available Pagefile: 6260.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.63 GB) (Free:176.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=133 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

...

 

Let me know where to go from here.

 

Thanks,

Kyle

Link to post
Share on other sites

We have Lav (lion) beer and Jelen (deer) beer, they are the most popular here. There are dozens of other trademarks, but they are not so popular.
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 
Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt

Link to post
Share on other sites

Good to know! I'm a big fan of craft brew here in Texas, and had the privilege of trying out several different beers in Germany last year.

 

By the way, the FRST did have me do a system restart. Following the restart, it arrived at the logon page with the "Loading" icon, and then suddenly had reverted back to the black screen with the green loading bar. It was as if it restarted twice. Is this common?

 

I waited ~15 minutes to enter my login credentials, and still wasn't loaded yet. I decided to force shut down and research "long boot times." I came across a post suggesting that external displays and USB mouses could potentially slow down boot times. I gave it a shot, and IT DID IMPROVE!

 

Now, back to your instructions. I have attached the Fixlog.txt file.

 

The AdwCleaner[R0].txt has been attached as well.

 

Thanks,

Kyle

Fixlog.txt

AdwCleanerR0.txt

Link to post
Share on other sites

I have run the clean operation, and am waiting on my PC to restart. Boot up time to login screen was down to 2.5 minutes. I'll post the report once I'm able. Thank you for your patience and promptness.

-Kyle

Link to post
Share on other sites

After an extensive wait time with the automatic reboot, I shut down and waited a few minutes. I started the system back up and have been stuck on the "Welcome" screen since I entered my login credentials. This has been the case for more than 15 minutes. The icon is frozen, and isn't rotating as one would normally expect. What do you suggest from here?

Link to post
Share on other sites

[4:01]Regular start up

[4:04]I arrived to the login screen

[4:06]I entered my credentials, and am waiting at the Welcome text with the circulating icon.

[4:08]Arrived at desktop. Will post from PC soon.

-Kyle

Link to post
Share on other sites

Hi TwinHeadedEagle,

 

I apologize for the delay in getting back to you; something came up. I have attached the most recent report file, AdwCleaner[R2].txt.

 

In which, there is still a "funmoods" extension within the Mozilla Firefox section. I am considering reinstalling Firefox, and then running the scan once more.

 

Thank you for all the help up to this point! Have a great evening and I look forward to hearing from you again.

AdwCleanerR2.txt

Link to post
Share on other sites

Always attach AdwCleanerS# report.
 
 
 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 
 
 
I am off to sleep. See you tomorrow.

Link to post
Share on other sites

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

Link to post
Share on other sites

TwinHeadedEagle,

 

I would call you THE, but that could get confusing ;) . I am taking off for a few hours and will be back.

 

I really do appreciate all of the help. You have been great and I am indebted. I'll reply later today. Merry Christmas to you.

 

Best wishes,

Kyle

Link to post
Share on other sites

This topic is now closed to further replies.