Jump to content

MBAM found 700 objects, bank info and cable login stolen prior


Recommended Posts

This was our mom's laptop but my younger sister has been using it for maybe the past year. It's been not only incredibly slow but my parents' bank info was stolen (they had to get a new account number because money was taken by the hackers) and our login for Comcast was posted on some stupid website with other people's. I quarantined the objects and restarted when it asked. Performance has improved but it's still slow and I'm still noticing CPU usage spikes as high as 30% and the memory usage 60% used minimum and above 80% maximum with no programs open.

 

It won't let me even paste the entire FRST.txt log, so I'll have to attach all three.

 

MBAM_2-22-15.txt

 

Addition.txt

 

FRST.txt

Link to post
Share on other sites

IF you still need help with this ....
 
FIRST, Uninstall the following programs / Adware >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Ask Toolbar
Consumer Input (remove only)
Download Updater (AOL LLC)
Free File Viewer 2010
Yontoo 1.10.02
Zip Opener Packages



To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


NEXT, run the following FRST Fixlist script >>>>

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpslenkmnr9.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 

THIRD, a cleaning with AdwCleaner (now that more of the malware is removed / broken) >>>>
 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[s0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

Information to Reply with >>>>

  • How did the uninstalls go?
  • The Fixlog.txt log file text.
  • The AdwCleaner[s#].txt log file text.
  • How is the system running now?  Any questions you may have.

Fixlist.txt

Link to post
Share on other sites

The uninstalls went well. For "Consumer Input" and "Yontoo" I got messages that the programs already appeared to be uninstalled and asked if I wanted to remove them from the programs list, which I did. The others uninstalled as normal. Oh, and in Add/Remove programs, the Ask Toolbar showed as an ooVoo Toolbar powered by Ask, so hopefully that was the right one because it was the only one that showed up when I searched "Ask" there.

 

The system is running much better after AdwCleaner ran and rebooted the computer. I couldn't even scroll down this page without massive stuttering and lag, page loading times were awful and it took 15-20 seconds just to close Chrome. Everything's pretty smooth now. Much more as I remember how it ran during my mom's first couple of years with the laptop.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2015
Ran by Mama at 2015-02-25 03:46:19 Run:1
Running from C:\Users\Mama\Desktop
Loaded Profiles: Mama (Available profiles: Mama)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Run: [9100F93AF58CA33619F966D5EFD83F3B5E9A0943._service_run] => C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\MountPoints2: {6f57bc9a-eea8-11e0-914d-a4badbb4e8d5} - E:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylon.com/home
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6D282CB3-ADD2-4F96-84F9-CB9E719E4782} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> DefaultScope {6D282CB3-ADD2-4F96-84F9-CB9E719E4782} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291327&CUI=UN29536948241386113&UM=2
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> {6D282CB3-ADD2-4F96-84F9-CB9E719E4782} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291327&CUI=UN29536948241386113&UM=2
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> {906FF9D5-DD88-4477-8E37-F6E55CDE9719} URL = 
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> {AEFFF697-4C55-4308-8E2A-505E46B2A8DA} URL = 
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> {E5F5D888-2587-E012-A817-7038F5690F26} URL = http://www.whitesmokestart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-122-0-1HDcZ
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: FAIESSOHelper Class -> {A2F122DA-055F-4df7-8F24-7354DBDBA85B} -> c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog9-x64 01 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 02 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 03 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 04 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 15 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
cmd: netsh winsock reset
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\user.js
FF user.js: detected! => C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\user.js
FF user.js: detected! => C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\user.js
FF SearchPlugin: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\searchplugins\youtube-video-search.xml
FF SearchPlugin: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\searchplugins\wiktionary-en.xml
FF SearchPlugin: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\searchplugins\youtube-video-search.xml
FF Extension: ChaCha Guide App Toolbar - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\chachaguidebar@chacha.com [2011-05-19]
FF Extension: ClickCapper - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\clickcapper@codewolf [2011-01-15]
FF Extension: ChaCha StatsClicker - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\statsclicker@codewolf [2011-01-14]
FF Extension: Zynga Community Toolbar - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2013-07-28]
FF Extension: Personas Plus - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\personas@christopher.beard.xpi [2013-07-28]
FF Extension: FoxyTunes - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2011-04-08]
FF Extension: anonymoX - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\client@anonymox.net.xpi [2013-10-11]
FF Extension: Download Statusbar - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-08]
FF Extension: No Name - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\extensions\chachaguidebar@chacha.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\extensions\leethax@leethax.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [Not Found]
CHR Extension: (TastyPlug) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\faccgibalfdoihmenknhpfhldkmgaang [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaanijiojpcccpkjdjjmjghddcgcbfj] - C:\Users\Mama\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.15.2.0.crx [2012-06-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0E347958-BA68-4346-8D18-1F4D6A3925A3} - System32\Tasks\{7C7B0A72-0FC0-4A7C-A6A9-24462AED5213} => pcalua.exe -a C:\Users\Mama\Downloads\CleanUp452(2)(2)(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1F37C298-C3AA-4410-84E7-14A03F51AA1B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3563F4E3-28AB-4F76-ACFF-0E2DAD492C4E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {62932488-D7A5-4002-8AF4-149D1F869DFD} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-07-07] (Bitberry Software)
Task: {6630DABF-A4D7-4B8F-A7AB-00BF14F42E9A} - System32\Tasks\ZatisfiUpdateTaskMachineCore => C:\Program Files (x86)\Zatisfi\Update\ZatisfiUpdate.exe [2010-06-17] (Zatisfi LLC)
Task: {AEEA1B7B-D8D4-47E0-8B52-50177318BD83} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-04] () <==== ATTENTION
Task: {CD688555-1591-4F17-B21F-08BB3EC4865C} - System32\Tasks\ZatisfiUpdateTaskMachineUA => C:\Program Files (x86)\Zatisfi\Update\ZatisfiUpdate.exe [2010-06-17] (Zatisfi LLC)
Task: C:\Windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job => C:\Program Files (x86)\Zatisfi\Update\ZatisfiUpdate.exe
Task: C:\Windows\Tasks\ZatisfiUpdateTaskMachineUA.job => C:\Program Files (x86)\Zatisfi\Update\ZatisfiUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtectMe => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
2015-02-22 00:09 - 2010-06-17 01:02 - 00000852 _____ () C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job
2015-02-22 00:09 - 2010-08-14 16:52 - 00000400 _____ () C:\Windows\Tasks\Free File Viewer Update Checker.job
2015-02-22 00:09 - 2010-08-11 15:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 00:09 - 2010-06-17 01:02 - 00000852 _____ () C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job
2015-02-22 00:09 - 2010-05-21 13:17 - 00000000 ____D () C:\Users\Mama\AppData\Local\SoftThinks
2015-02-22 00:09 - 2010-03-30 23:06 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-22 00:09 - 2010-03-30 23:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-15 14:25 - 2010-06-26 10:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-05 23:23 - 2010-06-17 01:02 - 00000854 _____ () C:\Windows\Tasks\ZatisfiUpdateTaskMachineUA.job
C:\ProgramData\uninstaller.exe
C:\Windows\system32\ProtectMe64.dll
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\FreeFileViewer
C:\Program Files (x86)\Zatisfi
C:\Program Files (x86)\Ask.com
EmptyTemp:
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\Software\Microsoft\Windows\CurrentVersion\Run\\9100F93AF58CA33619F966D5EFD83F3B5E9A0943._service_run => value deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f57bc9a-eea8-11e0-914d-a4badbb4e8d5}" => Key deleted successfully.
HKCR\CLSID\{6f57bc9a-eea8-11e0-914d-a4badbb4e8d5} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Restore => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D282CB3-ADD2-4F96-84F9-CB9E719E4782}" => Key deleted successfully.
HKCR\CLSID\{6D282CB3-ADD2-4F96-84F9-CB9E719E4782} => Key not found. 
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{906FF9D5-DD88-4477-8E37-F6E55CDE9719}" => Key deleted successfully.
HKCR\CLSID\{906FF9D5-DD88-4477-8E37-F6E55CDE9719} => Key not found. 
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AEFFF697-4C55-4308-8E2A-505E46B2A8DA}" => Key deleted successfully.
HKCR\CLSID\{AEFFF697-4C55-4308-8E2A-505E46B2A8DA} => Key not found. 
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}" => Key deleted successfully.
HKCR\CLSID\{E5F5D888-2587-E012-A817-7038F5690F26} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2F122DA-055F-4df7-8F24-7354DBDBA85B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A2F122DA-055F-4df7-8F24-7354DBDBA85B}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\user.js => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\user.js => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\user.js => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\searchplugins\bing-zugo.xml => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\searchplugins\mozilla-add-ons.xml => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\searchplugins\youtube-video-search.xml => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\searchplugins\firefox-add-ons.xml => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\searchplugins\wiktionary-en.xml => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\searchplugins\youtube-video-search.xml => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\chachaguidebar@chacha.com => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\clickcapper@codewolf => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\statsclicker@codewolf => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\personas@christopher.beard.xpi => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\client@anonymox.net.xpi => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi => Moved successfully.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\extensions\chachaguidebar@chacha.com.xpi not found.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\extensions\leethax@leethax.net.xpi not found.
C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi not found.
C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\faccgibalfdoihmenknhpfhldkmgaang => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj => Key not found. 
C:\Users\Mama\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.15.2.0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
EagleX64 => Service deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E347958-BA68-4346-8D18-1F4D6A3925A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E347958-BA68-4346-8D18-1F4D6A3925A3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7C7B0A72-0FC0-4A7C-A6A9-24462AED5213} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C7B0A72-0FC0-4A7C-A6A9-24462AED5213}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F37C298-C3AA-4410-84E7-14A03F51AA1B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F37C298-C3AA-4410-84E7-14A03F51AA1B}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3563F4E3-28AB-4F76-ACFF-0E2DAD492C4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3563F4E3-28AB-4F76-ACFF-0E2DAD492C4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62932488-D7A5-4002-8AF4-149D1F869DFD} => Key not found. 
C:\Windows\System32\Tasks\Free File Viewer Update Checker not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Free File Viewer Update Checker => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6630DABF-A4D7-4B8F-A7AB-00BF14F42E9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6630DABF-A4D7-4B8F-A7AB-00BF14F42E9A}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZatisfiUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZatisfiUpdateTaskMachineCore" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEEA1B7B-D8D4-47E0-8B52-50177318BD83} => Key not found. 
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD688555-1591-4F17-B21F-08BB3EC4865C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD688555-1591-4F17-B21F-08BB3EC4865C}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZatisfiUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZatisfiUpdateTaskMachineUA" => Key deleted successfully.
C:\Windows\Tasks\Free File Viewer Update Checker.job not found.
C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\ZatisfiUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => Key not found. 
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BsScanner" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\GoToAssist" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ProtectMe" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.
"C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job" => File/Directory not found.
"C:\Windows\Tasks\Free File Viewer Update Checker.job" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
"C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job" => File/Directory not found.
C:\Users\Mama\AppData\Local\SoftThinks => Moved successfully.
C:\Users\Default\AppData\Local\SoftThinks => Moved successfully.
"C:\Users\Default User\AppData\Local\SoftThinks" => File/Directory not found.
C:\ProgramData\TEMP => Moved successfully.
"C:\Windows\Tasks\ZatisfiUpdateTaskMachineUA.job" => File/Directory not found.
C:\ProgramData\uninstaller.exe => Moved successfully.
C:\Windows\system32\ProtectMe64.dll => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Program Files (x86)\Lavasoft" => File/Directory not found.
"C:\Program Files (x86)\FreeFileViewer" => File/Directory not found.
C:\Program Files (x86)\Zatisfi => Moved successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
EmptyTemp: => Removed 471.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 03:50:04 ====
 
AdwCleaner[s0].txt
 
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 04:06:38
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mama - MAMA-PC
# Running from : C:\Users\Mama\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Program Files (x86)\Zynga
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Mama\AppData\Local\apn
Folder Deleted : C:\Users\Mama\AppData\Local\Conduit
Folder Deleted : C:\Users\Mama\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mama\AppData\LocalLow\Toolbar4
File Deleted : C:\END
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\invalidprefs.js
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\invalidprefs.js
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Cores
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[8lbx5t91.nick\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291327&octid=CT3291327&SearchSource=61&CUI=UN22663103993257713&UM=2&UP=SP2258E2A7-E577-4015-A90C-D957A966F5F4");
[8lbx5t91.nick\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.nintendo.com/?country=US〈=en");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 25 2010 16:33:23 GMT-0500 (Central Daylight Time)");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 24 2010 19:01:59 GMT-0500 (Central Daylight Time)");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userId", "{a9070294-f95f-4955-adf8-33c157739352}");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 28);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 28);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1375069598418");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.revision", "35");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "3CEB19B04D222421CF6C7A2E60CB456F8C8E94E3A86827BCD1AFAF7314EF6EE04F5E8B0CE5EEFE39F54D062527ABE21E87360214530168C60021A530BE9F8A8F");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "35085229");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "f9c0a7eb5a692dd26cb48be7ee19673f7857481e");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", true);
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291327&octid=CT3291327&SearchSource=61&CUI=UN22663103993257713&UM=2&UP=SP2258E2A7-E577-4015-A90C-D957A966F5F4");
[96zh47e8.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "search.swagbucks.com");
 
-\\ Google Chrome v
 
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=92E2020054746872&affID=119557&tsp=4964
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=92E2020054746872&affID=119557&tsp=4964
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [16529 bytes] - [25/02/2015 04:01:43]
AdwCleaner[s0].txt - [16782 bytes] - [25/02/2015 04:06:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [16842  bytes] ##########
 

 

Link to post
Share on other sites

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same

Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

abfacb96-0c99-4b59-b9e9-9298aa0ee3ec_zps

For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

Getinstallerpopup2_zps65f446a6.png

Double click on the icon on your desktop.

desktopfile_zps98a1ee89.png

Check (accept) the Terms of Use.

TOU_zps4ecd3406.png

Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start
Loadsettings_2014-08-23_zps3f2d0c88.png



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

Downloadingsignatures_zps36c38587.png


Scanningdisplay_zpsec3aac14.png

When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.

Threatsfound_zpsfe95fb4e.png

At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Exporttotextfile_zps16cb487f.png

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

UninstallcheckedandFinish_zps6fb26ad8.pn

Attach the saved log file in your next reply please.  Thanks.

Link to post
Share on other sites

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpslenkmnr9.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01

Ran by Mama at 2015-02-26 23:01:40 Run:2

Running from C:\Users\Mama\Desktop

Loaded Profiles: Mama (Available profiles: Mama)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CreateRestorePoint:

CloseProcesses:

C:\Users\Mama\Downloads\CheatEngine62.exe

C:\Users\Mama\Downloads\cnet2_setupxpara_exe.exe

C:\Users\Mama\Downloads\dfsetup213.exe

C:\Users\Mama\Downloads\dfsetup215.exe

C:\Users\Mama\Downloads\DropDownDealsSetup.exe

C:\Users\Mama\Downloads\setup (1).exe

C:\Users\Mama\Downloads\setup (2).exe

C:\Users\Mama\Downloads\Shockwave_Installer_Slim (2).exe

C:\Users\Mama\Downloads\spsetup122.exe

C:\Windows\System32\Adobe\Shockwave 12\gt.exe

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe

EmptyTemp:

Reboot:

end

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

C:\Users\Mama\Downloads\CheatEngine62.exe => Moved successfully.

C:\Users\Mama\Downloads\cnet2_setupxpara_exe.exe => Moved successfully.

C:\Users\Mama\Downloads\dfsetup213.exe => Moved successfully.

C:\Users\Mama\Downloads\dfsetup215.exe => Moved successfully.

C:\Users\Mama\Downloads\DropDownDealsSetup.exe => Moved successfully.

C:\Users\Mama\Downloads\setup (1).exe => Moved successfully.

C:\Users\Mama\Downloads\setup (2).exe => Moved successfully.

C:\Users\Mama\Downloads\Shockwave_Installer_Slim (2).exe => Moved successfully.

C:\Users\Mama\Downloads\spsetup122.exe => Moved successfully.

"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.

EmptyTemp: => Removed 80.3 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 23:04:19 ====

Link to post
Share on other sites

How is your system running now?


We need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Link to post
Share on other sites

It's running pretty great. No lag. :)

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Mama (administrator) on MAMA-PC on 28-02-2015 01:39:02
Running from C:\Users\Mama\Desktop
Loaded Profiles: Mama (Available profiles: Mama)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Mama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Dropbox, Inc.) C:\Users\Mama\AppData\Roaming\Dropbox\bin\Dropbox.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [RMAlert] => "C:\Program Files (x86)\Registry Mechanic\Alert.exe" /PRODUCT=RM /R
HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-06-24] (Sensible Vision )
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-30] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Run: [Google Update] => C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Run: [spotify Web Helper] => C:\Users\Mama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-30] (Spotify Ltd)
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Run: [spotify] => C:\Users\Mama\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-30] (Spotify Ltd)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RobloxPluginCatalog.application ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> {906FF9D5-DD88-4477-8E37-F6E55CDE9719} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {AEFFF697-4C55-4308-8E2A-505E46B2A8DA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4139313771-1929202724-424194219-1000 -> {4983404D-8578-47B2-A4E5-D700B77E5882} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\wz9lmx74.default-1375006704696
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4139313771-1929202724-424194219-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-68c511c8ee3948f6\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4139313771-1929202724-424194219-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-68c511c8ee3948f6\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4139313771-1929202724-424194219-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4139313771-1929202724-424194219-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4139313771-1929202724-424194219-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mama\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Vista-aero - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\96zh47e8.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2010-10-24]
FF Extension: Xmarks - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\foxmarks@kei.com [2013-10-13]
FF Extension: Vista-aero - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2010-11-12]
FF Extension: Adblock Plus - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-08]
FF Extension: Tab Mix Plus - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\8lbx5t91.nick\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-10-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-31]
 
Chrome: 
=======
CHR Profile: C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Cast) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-04]
CHR Extension: (No Name) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\faccgibalfdoihmenknhpfhldkmgaang [2015-02-25]
CHR Extension: (Avast Online Security) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-31]
CHR Extension: (Google Wallet) - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]
StartMenuInternet: Google Chrome - C:\Users\Mama\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-08] (PC Tools)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21072 2010-08-29] (Mobile Stream)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 01:39 - 2015-02-28 01:39 - 00021838 _____ () C:\Users\Mama\Desktop\FRST.txt
2015-02-26 23:01 - 2015-02-26 23:01 - 00000000 ____D () C:\Users\Mama\Desktop\FRST-OlderVersion
2015-02-26 03:02 - 2015-01-08 17:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 03:02 - 2015-01-08 17:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 22:54 - 2015-02-25 22:56 - 02347384 _____ (ESET) C:\Users\Mama\Downloads\esetsmartinstaller_enu.exe
2015-02-25 04:01 - 2015-02-25 04:06 - 00000000 ____D () C:\AdwCleaner
2015-02-25 03:58 - 2015-02-25 03:59 - 02126848 _____ () C:\Users\Mama\Desktop\AdwCleaner.exe
2015-02-25 03:54 - 2015-02-26 23:07 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-25 03:54 - 2015-02-26 23:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-25 03:54 - 2015-02-25 03:54 - 00000000 ____D () C:\Users\Mama\AppData\Local\SoftThinks
2015-02-25 03:44 - 2015-02-25 03:44 - 00000000 ____D () C:\Users\Mama\Downloads\FRST-OlderVersion
2015-02-22 00:52 - 2015-02-22 00:52 - 00158765 _____ () C:\MBAM_2-22-15.txt
2015-02-22 00:30 - 2015-02-22 00:31 - 00038183 _____ () C:\Users\Mama\Downloads\Addition.txt
2015-02-22 00:28 - 2015-02-22 00:31 - 00050166 _____ () C:\Users\Mama\Downloads\FRST.txt
2015-02-22 00:27 - 2015-02-28 01:39 - 00000000 ____D () C:\FRST
2015-02-22 00:26 - 2015-02-26 23:01 - 02087936 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe
2015-02-22 00:22 - 2015-02-22 00:22 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\TeamViewer
2015-02-22 00:21 - 2015-02-22 00:22 - 07782048 _____ (TeamViewer GmbH) C:\Users\Mama\Downloads\TeamViewer_Setup_en.exe
2015-02-21 20:06 - 2015-02-21 20:06 - 00000000 __SHD () C:\Users\Mama\AppData\Local\EmieBrowserModeList
2015-02-19 18:55 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-19 18:55 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-19 18:55 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-19 18:54 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-16 16:45 - 2015-01-22 22:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-16 16:45 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 16:45 - 2015-01-22 21:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-16 16:45 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 22:45 - 2015-01-13 23:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 22:45 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 22:45 - 2015-01-11 21:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 22:45 - 2015-01-11 21:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 22:45 - 2015-01-11 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 22:45 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 22:45 - 2015-01-11 20:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 22:45 - 2015-01-11 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 22:45 - 2015-01-11 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 22:45 - 2015-01-11 20:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 22:45 - 2015-01-11 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 22:45 - 2015-01-11 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 22:45 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 22:45 - 2015-01-11 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 22:45 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 22:45 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 22:45 - 2015-01-11 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 22:45 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 22:45 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 22:45 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 22:45 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 22:45 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 22:45 - 2015-01-11 20:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 22:45 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 22:45 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 22:45 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 22:45 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 22:45 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 22:45 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 22:45 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 22:45 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 22:45 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 22:45 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 22:45 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 22:45 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 22:45 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 22:45 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 22:45 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 22:45 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 22:45 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 22:45 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 22:45 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 22:45 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 22:45 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 22:45 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 22:45 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 22:44 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 22:44 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 22:44 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 22:44 - 2015-01-11 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 22:44 - 2015-01-11 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 22:44 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 22:43 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 22:43 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 22:43 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 22:43 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 22:43 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 22:43 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 22:43 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 22:43 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 22:43 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 22:43 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 22:43 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 22:43 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 22:43 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 22:43 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 22:43 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 22:43 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 22:43 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 22:43 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 22:42 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 22:42 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 22:42 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 22:42 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 22:42 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 22:42 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 22:42 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 22:42 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 22:41 - 2015-01-10 00:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 22:41 - 2015-01-10 00:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 22:41 - 2015-01-10 00:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 22:41 - 2015-01-10 00:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 22:41 - 2015-01-10 00:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 22:41 - 2015-01-10 00:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 22:41 - 2015-01-10 00:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 22:41 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 22:40 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 22:40 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 22:36 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 22:36 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 22:36 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 22:36 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 22:36 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 22:36 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 22:34 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 22:34 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 22:34 - 2014-10-03 20:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 22:34 - 2014-10-03 19:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 22:34 - 2014-10-03 19:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 22:30 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 22:30 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 22:30 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 22:30 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 22:30 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 22:30 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 22:30 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 22:30 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 22:30 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 22:29 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 22:25 - 2015-02-10 22:25 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 01:34 - 2010-08-11 15:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 01:33 - 2011-03-22 18:13 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000UA.job
2015-02-28 01:32 - 2012-04-16 09:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 01:32 - 2011-01-03 15:29 - 01873016 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 01:31 - 2011-03-22 18:13 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000Core.job
2015-02-26 23:15 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 23:15 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 23:10 - 2011-12-26 23:26 - 00000000 ___RD () C:\Users\Mama\Dropbox
2015-02-26 23:09 - 2013-11-14 00:08 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\Spotify
2015-02-26 23:09 - 2011-12-26 23:22 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\Dropbox
2015-02-26 23:08 - 2010-03-30 22:39 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-26 23:06 - 2015-01-19 21:46 - 00000896 _____ () C:\Windows\setupact.log
2015-02-26 23:06 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 23:05 - 2015-01-19 21:46 - 00304862 _____ () C:\Windows\PFRO.log
2015-02-25 04:12 - 2014-10-31 18:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-25 04:06 - 2014-07-30 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-22 00:50 - 2014-06-01 21:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 00:08 - 2010-09-20 10:09 - 00000000 ____D () C:\Windows\Minidump
2015-02-21 23:17 - 2012-04-25 10:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-21 20:22 - 2014-04-01 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-02-21 19:48 - 2011-03-22 18:14 - 00002362 _____ () C:\Users\Mama\Desktop\Google Chrome.lnk
2015-02-19 20:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2015-02-16 16:12 - 2009-07-13 22:45 - 02267960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 15:18 - 2014-12-11 21:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-15 15:18 - 2014-05-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 13:44 - 2010-03-30 22:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 13:40 - 2013-08-14 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 13:07 - 2010-05-22 12:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 12:56 - 2011-12-26 23:26 - 00001017 _____ () C:\Users\Mama\Desktop\Dropbox.lnk
2015-02-15 12:56 - 2011-12-26 23:23 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-10 22:26 - 2012-04-16 09:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-10 22:25 - 2012-04-16 09:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-10 22:25 - 2011-05-19 19:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 23:29 - 2010-08-11 15:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 23:29 - 2010-08-11 15:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 23:28 - 2011-03-22 18:13 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000UA
2015-02-05 23:28 - 2011-03-22 18:13 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000Core
 
Some content of TEMP:
====================
C:\Users\Mama\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprcuj3i.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 21:50
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Mama at 2015-02-28 01:40:28
Running from C:\Users\Mama\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
ChromecastApp (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EasyTether (HKLM\...\{4BF3A357-3C4F-49EE-B16C-D45D7D7F1819}) (Version: 1.1.13 - Mobile Stream)
FastAccess (HKLM\...\{B4735ADA-2C32-4DB1-809C-D3D424343ED9}) (Version: 2.4.7.1 - Sensible Vision)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FoxyTunes for Firefox (HKLM-x32\...\FoxyTunesForFirefox) (Version:  - )
Google Chrome (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 2.6.1 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.6.1 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Oracle VM VirtualBox 4.1.4 (HKLM\...\{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}) (Version: 4.1.4 - Oracle Corporation)
Pando (HKLM-x32\...\{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}) (Version: 2.5.1.4 - Pando Networks Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Profile Song  (FF) (HKLM-x32\...\{02C789A2-7EC9-491F-8BF5-849EAAA62765}) (Version: 1.0.1 - ProfileSong)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Seesmic Desktop 2 (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\1088356867.d.seesmic.com) (Version:  - d.seesmic.com)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spotify (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4139313771-1929202724-424194219-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
xParanormal Detector version 2.5 (HKLM-x32\...\{F960179C-72F7-4516-A71A-C7AE5D18DD84}_is1) (Version: 2.5 - eXtremeSenses Software)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mama\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4139313771-1929202724-424194219-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mama\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
20-01-2015 22:15:27 Windows Update
25-01-2015 22:31:39 Windows Update
30-01-2015 23:13:41 Windows Update
03-02-2015 22:08:33 Windows Update
10-02-2015 22:29:07 Windows Update
15-02-2015 12:56:39 Windows Update
19-02-2015 18:36:59 Windows Update
19-02-2015 20:23:23 Windows Update
25-02-2015 03:42:53 Windows Update
25-02-2015 03:46:19 Restore Point Created by FRST
26-02-2015 03:00:57 Windows Update
26-02-2015 23:02:02 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C08019-262F-4EA2-A517-CA09D5F4D3AA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4139313771-1929202724-424194219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {121C14CC-FF83-4353-A7AC-557B6E6C877F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
Task: {2240F8C6-F6AE-4742-8B17-A46CD836C96E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000UA => C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2CCAC546-50BE-44DE-ABC3-971E2BB9C5A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {76B11BF0-85EF-4017-B9C3-14E4C9DFBA5A} - System32\Tasks\RealCreateProcessScheduledTask9956997S-1-5-21-4139313771-1929202724-424194219-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
Task: {7C197252-BBB7-4230-86AF-1A27BDFB47A4} - System32\Tasks\RMSchedule_219 => C:\Program Files (x86)\Registry Mechanic\Launcher.exe
Task: {9B668F33-4635-408E-9435-B87718632F1A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {AAB72E93-4424-4F49-8A39-7EB82AA7F166} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BA6EC3C6-CF1A-4F9A-9B30-5ABA99A6636C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {CA9BC846-B803-4D3A-A850-6524EF4A138E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
Task: {D98F2791-2C44-403C-9AB1-746223DE959B} - System32\Tasks\{5E7D473D-7ABD-4020-B28C-842B4B304D4D} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"
Task: {E0315146-29BC-4511-B905-312658C06F9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000Core => C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {ECE2E889-143F-4805-AA32-41EE230ED191} - System32\Tasks\D68N6BL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {F12947E7-38B4-47C1-A5AD-2241BD709D6B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4139313771-1929202724-424194219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F8C13681-ED34-4692-9BB6-AF0F45185EDB} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe
Task: {F8C1D65E-F139-4D6A-90AB-DFD66A56AAC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000Core.job => C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139313771-1929202724-424194219-1000UA.job => C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-03-30 22:29 - 2009-07-16 19:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-03-30 22:29 - 2009-07-16 19:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-03-30 22:39 - 2011-08-18 09:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-02-26 22:44 - 2015-02-26 22:44 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022601\algo.dll
2015-02-28 01:32 - 2015-02-28 01:32 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022800\algo.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-10 15:00 - 2015-02-10 15:00 - 00750080 _____ () C:\Users\Mama\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-26 23:09 - 2015-02-26 23:09 - 00043008 _____ () c:\users\mama\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprcuj3i.dll
2015-02-10 15:00 - 2015-02-10 15:00 - 00047616 _____ () C:\Users\Mama\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 15:00 - 2015-02-10 15:00 - 00865280 _____ () C:\Users\Mama\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 15:00 - 2015-02-10 15:00 - 00200704 _____ () C:\Users\Mama\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-14 18:23 - 2014-11-14 18:23 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-21 19:46 - 2015-02-17 16:44 - 01117512 _____ () C:\Users\Mama\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 19:45 - 2015-02-17 16:44 - 00211272 _____ () C:\Users\Mama\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 19:46 - 2015-02-17 16:44 - 09171272 _____ () C:\Users\Mama\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4139313771-1929202724-424194219-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: "C: => 
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSN Toolbar => "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4139313771-1929202724-424194219-500 - Administrator - Disabled)
Guest (S-1-5-21-4139313771-1929202724-424194219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4139313771-1929202724-424194219-1002 - Limited - Enabled)
Mama (S-1-5-21-4139313771-1929202724-424194219-1000 - Administrator - Enabled) => C:\Users\Mama
 
==================== Faulty Device Manager Devices =============
 
Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2015 05:50:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (02/26/2015 11:01:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {594a9f01-6cb6-40dd-a887-93b34cb6b96d}
 
Error: (02/26/2015 11:00:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/26/2015 10:48:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (02/26/2015 03:03:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (02/26/2015 01:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15772
 
Error: (02/26/2015 01:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15772
 
Error: (02/26/2015 01:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/25/2015 10:57:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/25/2015 10:57:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (02/27/2015 05:49:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (02/26/2015 11:07:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (02/26/2015 11:07:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (02/26/2015 11:05:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (02/26/2015 11:05:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (02/26/2015 11:04:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (02/26/2015 11:03:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (02/26/2015 11:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/26/2015 11:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/26/2015 11:03:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 52%
Total physical RAM: 3032.36 MB
Available physical RAM: 1428.33 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 4036.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:143.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 430A03C8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

One possible nasty left (but it could be a old left over registry entry):
 

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Yahoo! Detect

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
 


After the uninstall,
 

All right!! :D Your logs are clean and you're good to go now!! :lol: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done! :D :D :D :D

Now some information on programs to help keep you safe:

Along with Malwarebytes Antimalware, use the following as a base level security:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!

Link to post
Share on other sites

Thanks a lot for all your help. :)  Here's that last log.

 

# DelFix v10.9 - Logfile created 01/03/2015 at 05:22:48
# Updated 27/02/2015 by Xplode
# Username : Mama - MAMA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mama\Downloads\FRST-OlderVersion
Deleted : C:\Users\Mama\Desktop\FRST-OlderVersion
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\Users\Mama\Desktop\Addition.txt
Deleted : C:\Users\Mama\Desktop\AdwCleaner.exe
Deleted : C:\Users\Mama\Desktop\Fixlog.txt
Deleted : C:\Users\Mama\Desktop\FRST.txt
Deleted : C:\Users\Mama\Desktop\FRST64.exe
Deleted : C:\Users\Mama\Desktop\HiJackThis.lnk
Deleted : C:\Users\Mama\Downloads\Addition.txt
Deleted : C:\Users\Mama\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Mama\Downloads\FRST.txt
Deleted : C:\Users\Mama\Downloads\HiJackThis.msi
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #628 [Windows Update | 01/21/2015 04:15:27]
Deleted : RP #629 [Windows Update | 01/26/2015 04:31:39]
Deleted : RP #630 [Windows Update | 01/31/2015 05:13:41]
Deleted : RP #631 [Windows Update | 02/04/2015 04:08:33]
Deleted : RP #632 [Windows Update | 02/11/2015 04:29:07]
Deleted : RP #633 [Windows Update | 02/15/2015 18:56:39]
Deleted : RP #634 [Windows Update | 02/20/2015 00:36:59]
Deleted : RP #635 [Windows Update | 02/20/2015 02:23:23]
Deleted : RP #636 [Windows Update | 02/25/2015 09:42:53]
Deleted : RP #638 [Restore Point Created by FRST | 02/25/2015 09:46:19]
Deleted : RP #639 [Windows Update | 02/26/2015 09:00:57]
Deleted : RP #641 [Restore Point Created by FRST | 02/27/2015 05:02:02]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.