BikiniLand and persistent Optimizer Pro 3.38 from Filezilla on SourceForge


richb

I naively downloaded FileZilla from SourceForge (it used to be OK when I used SourceForge for the Pidgin client). After starting that up, I was accosted by BikiniLand and Optimizer Pro 3.38. I downloaded the Malwarebytes trial version, which apparently got rid of all traces of BikiniLand, but I appear to be stuck with Optimizer Pro 3.38, which I cannot get rid of. Actually, I've deleted all the files in the C:\Program Files (x86)\Optimizer Pro 3.38 directory except OptProMon.dll. Attempting to delete it gives me the error "The action can't be completed because the file is open in Optimizer Pro Crash Monitor" -- something I cannot find. Following your instructions, here are the files from FRST:

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by rbrinega (administrator) on RBRINEGA-LAP on 23-02-2015 18:21:53
Running from C:\Users\rbrinega.ORADEV\Documents\frst
Loaded Profiles: rbrinega (Available profiles: rbrinega & support & rbrinega & rbrinega)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
( ) C:\Windows\System32\lxbmcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Oracle Corporation) C:\ProgramData\Oracle\MyDesktop\mydesktopservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Oracle) C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe
() C:\Program Files (x86)\Tether\TBService.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Google Inc.) C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Cisco Systems) C:\Program Files (x86)\Cisco Systems\Click to Call\main\exe\clicktocall.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Oracle) C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\Click to Call\add-ins\smarttag\communicator\communicator.exe
(Oracle) C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-21] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [lxbmmon.exe] => C:\Program Files (x86)\Lexmark 4200 Series\lxbmmon.exe [230056 2009-04-27] (Lexmark International, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180224 2011-04-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-23] (Google)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco ClickToCall] => C:\Program Files (x86)\Cisco Systems\Click to Call\main\exe\clicktocall.exe [882016 2011-02-25] (Cisco Systems)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337768 2014-02-20] (McAfee, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Run: [Google Update] => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-16] (Google Inc.)
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Run: [GoogleChromeAutoLaunch_EC56814605A5402EDF141134199A8E84] => "C:\Users\rbrinega.ORADEV\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\RunOnce: [Adobe Speed Launcher] => 1424712509
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {44cd653c-696c-11e2-9796-5c260a69d9d3} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {5d77d173-19a1-11e1-b7f6-5c260a69d9d3} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {6e4c2f65-8cf7-11e3-9925-5c260a69d9d3} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {713836bd-0fa4-11e1-b8bb-5c260a69d9d3} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {9074e1a7-e7e8-11e2-97f0-5c260a69d9d3} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {a6831b47-4f06-11e2-a543-5c260a69d9d3} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {b3b64599-86bd-11e2-962b-5c260a69d9d3} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {c053c27c-cf9c-11e1-b9cb-5c260a69d9d3} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {c1ce400c-4c33-11e1-b75c-5c260a69d9d3} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [ClickToCallConfig] => C:\ProgramData\Oracle\BaseImage\config\config_cisco_clicktocall.exe [169453 2011-06-13] ()
HKU\S-1-5-18\...\RunOnce: [iPCConfig] => C:\ProgramData\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe [215519 2011-03-07] ()
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-09-23] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileCopier.lnk
ShortcutTarget: ProfileCopier.lnk -> C:\Program Files\Profile Copier\ProfileCopier.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startControlconfig.lnk
ShortcutTarget: startControlconfig.lnk -> C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startControlconfig.lnk
ShortcutTarget: startControlconfig.lnk -> C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta ()
Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk
ShortcutTarget: Oracle Open Office 3.3.lnk -> C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()
Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stuff.wri.lnk
ShortcutTarget: stuff.wri.lnk -> D:\x\stuff.wri ()
Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk
ShortcutTarget: Oracle Open Office 3.3.lnk -> C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()
Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stuff.wri.lnk
ShortcutTarget: stuff.wri.lnk -> D:\x\stuff.wri ()
Startup: C:\Users\rbrinega.ST-USERS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk
ShortcutTarget: Oracle Open Office 3.3.lnk -> C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()
Startup: C:\Users\rbrinega.ST-USERS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stuff.wri.lnk
ShortcutTarget: stuff.wri.lnk -> D:\x\stuff.wri ()
Startup: C:\Users\support\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startControlconfig.lnk
ShortcutTarget: startControlconfig.lnk -> C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [s-1-5-21-3138815620-4253048750-3916773603-50764] => http://wpad/wpad.dat
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLG_en
URLSearchHook: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {59C2215F-74F9-4B21-A776-F27FE99CF887} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {59C2215F-74F9-4B21-A776-F27FE99CF887} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {C37BBE81-5CF4-4826-812D-52BC377FBE2C} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> DefaultScope {407D9884-164B-486A-B6EF-E3299576834E} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir=
SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131014&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {407D9884-164B-486A-B6EF-E3299576834E} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir=
SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=XFhmI9B67eZ63y2PqBfPungU6M4?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {D55F3D85-A6E0-484D-8A9E-964DE5A2E395} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLD_en
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140713135551.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140713135553.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle.com/imtapp/res/jar/cnsload.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EB01EBAB-25F9-4C5B-A704-BB532C6B0A24} http://emgc.us.oracle.com/em/console/monitoring/website/txn/lib/OraDHTMLRec.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DD0F31FA-BE92-4AE2-B2E5-75B6A8A08E09}: [NameServer] 198.17.210.130,144.24.23.18
Tcpip\..\Interfaces\{F6758CBC-D36D-4030-A4B1-0C70087D054B}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF NetworkProxy: "autoconfig_url", "http://wpad/wpad.dat"
FF NetworkProxy: "backup.ftp", "www-proxy.us.oracle.com"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "adc-proxy.oracle.com"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "www-proxy.us.oracle.com"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "www-proxy.us.oracle.com"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "www-proxy.us.oracle.com"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "www-proxy.us.oracle.com"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "www-proxy.us.oracle.com"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", ".oracle.com, .us.oracle.com, .oraclecorp.com, .oracleads.com, .oracleportal.com, 140.87.245.22, 140.87.245.21, 127.0.0.1, crmondemand.com,192.168.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "www-proxy.us.oracle.com"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "www-proxy.us.oracle.com"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.3012 -> C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.2.3070 -> C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1830 -> C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3138815620-4253048750-3916773603-50764: @tools.google.com/Google Update;version=3 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3138815620-4253048750-3916773603-50764: @tools.google.com/Google Update;version=9 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3138815620-4253048750-3916773603-50764: @zoom.us/ZoomVideoPlugin -> C:\Users\rbrinega.ORADEV\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\rbrinega.ORADEV\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\searchplugins\oracle-bug-number.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Flashblock - C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-11]
FF Extension: Firebug - C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\Extensions\firebug@software.joehewitt.com.xpi [2014-11-07]
FF Extension: Better Bug - C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\Extensions\{7cad0727-da80-44e6-ab41-2fe3875883fe}.xpi [2014-11-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} [2015-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{be327679-1381-4aaa-93b3-4495c36762c5}] - C:\Program Files (x86)\Cisco Systems\Click to Call\add-ins\firefox
FF Extension: Cisco Click to Call - C:\Program Files (x86)\Cisco Systems\Click to Call\add-ins\firefox [2011-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-10-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir="
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-11-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07]
CHR Extension: (Google Cast) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31]
CHR Extension: (Google Calendar) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-11-07]
CHR Extension: (SiteAdvisor) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-07]
CHR Extension: (Search Center) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0084541424741323mcinstcleanup; C:\windows\TEMP\008454~1.EXE [827456 2012-01-09] (McAfee, Inc.)
R2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1652280 2015-02-20] ()
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-23] (Google)
R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)
R2 lxbm_device; C:\windows\system32\lxbmcoms.exe [566192 2007-01-30] ( )
R2 lxbm_device; C:\windows\SysWOW64\lxbmcoms.exe [537520 2007-01-30] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-12] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127848 2014-02-20] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-07-13] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-07-13] (McAfee, Inc.)
R2 MyDesktopWindows; C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [5778304 2014-08-08] (Oracle Corporation)
R2 QOSMyDesktop; C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [470016 2009-10-13] (Oracle) [File not signed]
R2 Tether; C:\Program Files (x86)\Tether\TBService.exe [50416 2011-09-29] () [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
R3 firelm01; C:\windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)
R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)
R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)
R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)
R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)
R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-07-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-07-13] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-07-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-07-13] (McAfee, Inc.)
S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-10-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-07-13] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 18:19 - 2015-02-23 18:21 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\frst
2015-02-23 16:58 - 2015-02-08 13:23 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2015-02-23 16:57 - 2015-02-23 16:57 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-02-23 16:57 - 2015-02-23 16:57 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-23 16:52 - 2015-02-23 16:55 - 85906432 _____ () C:\Users\rbrinega.ORADEV\Downloads\oracle-jre-7.0.75-win.exe
2015-02-23 09:27 - 2015-02-23 09:27 - 00134169 _____ () C:\windows\SysWOW64\api_hook_list.dat
2015-02-23 09:27 - 2015-02-23 09:27 - 00002033 _____ () C:\windows\system32\api_hook_list.dat
2015-02-23 09:19 - 2015-02-23 09:19 - 06111012 _____ () C:\Program Files (x86)\delme.zip
2015-02-21 01:48 - 2015-02-21 01:48 - 04437680 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-20 17:06 - 2015-02-23 11:49 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 17:05 - 2015-02-20 17:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rbrinega.ORADEV\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 17:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-20 17:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-20 17:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-20 16:58 - 2015-02-23 18:22 - 00000000 ____D () C:\FRST
2015-02-20 16:12 - 2015-02-20 16:12 - 00000046 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\WB.CFG
2015-02-20 15:17 - 2015-02-23 18:20 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\Optimizer Pro
2015-02-20 15:17 - 2015-02-20 15:17 - 00003262 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule
2015-02-20 15:17 - 2015-02-20 15:17 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Optimizer Pro
2015-02-20 15:13 - 2015-02-20 17:55 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-20 15:13 - 2015-02-20 15:25 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\FileZilla
2015-02-20 15:13 - 2015-02-20 15:13 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPAM- BLand
2015-02-20 15:13 - 2015-02-20 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-20 15:11 - 2015-02-23 09:24 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38
2015-02-20 15:11 - 2015-02-20 18:02 - 00000000 ____D () C:\ProgramData\{a6b76fff-fcd7-2fea-a6b7-76ffffcdbfff}
2015-02-20 15:11 - 2015-02-20 15:11 - 00001109 _____ () C:\Users\rbrinega.ORADEV\Desktop\Optimizer Pro.lnk
2015-02-20 15:11 - 2015-02-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-02-20 15:08 - 2015-02-20 15:08 - 00749000 _____ (Installer Web ) C:\Users\rbrinega.ORADEV\Documents\FileZilla_3.10.1.1_win32-setup.exe
2015-02-20 12:23 - 2015-01-22 20:07 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-20 12:23 - 2015-01-22 19:59 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-20 12:23 - 2015-01-22 19:00 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-20 12:23 - 2015-01-22 18:51 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-02-19 12:34 - 2010-01-26 07:56 - 00040328 _____ (McAfee, Inc.) C:\windows\SysWOW64\HIPIS0e011b5.dll
2015-02-19 12:34 - 2010-01-26 07:44 - 00047080 _____ (McAfee, Inc.) C:\windows\system32\HIPIS0e011b5.dll
2015-02-17 16:57 - 2015-02-17 16:57 - 00013502 _____ () C:\Users\rbrinega.ORADEV\Downloads\Fwd  Final Notice  Cleanup of BugDB Generic Accounts owned by Email - NARASIMHA.GOGINENI@oracle.com.eml
2015-02-13 14:22 - 2015-02-13 14:21 - 00207578 _____ () C:\Users\rbrinega.ORADEV\Documents\PDIT-DS Instance access.csv
2015-02-13 14:20 - 2015-02-13 14:20 - 00022065 _____ () C:\Users\rbrinega.ORADEV\Documents\PDIT-DS Admin Access.csv
2015-02-12 22:46 - 2015-01-12 19:10 - 01190912 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-12 22:46 - 2015-01-12 18:49 - 01011200 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-12 22:46 - 2015-01-06 19:15 - 00104896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys
2015-02-12 22:46 - 2015-01-06 19:10 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2015-02-12 22:46 - 2015-01-06 18:44 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2015-02-12 22:46 - 2015-01-06 17:49 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2015-02-12 22:46 - 2015-01-06 17:49 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-02-12 22:46 - 2015-01-06 17:48 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-02-12 22:46 - 2015-01-06 17:48 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-02-12 22:46 - 2015-01-06 17:48 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2015-02-12 22:45 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-12 22:45 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-12 22:45 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-12 22:45 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-12 22:45 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-12 22:45 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-12 22:45 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-12 22:45 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-12 22:45 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-12 22:45 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-12 22:45 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-12 22:45 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-12 22:45 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-12 22:45 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-12 22:45 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-12 22:45 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-12 22:45 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-12 22:45 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-12 22:45 - 2015-01-13 19:08 - 17878016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-12 22:45 - 2015-01-13 18:49 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-12 22:45 - 2015-01-13 18:47 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-12 22:45 - 2015-01-13 18:47 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-12 22:45 - 2015-01-13 18:45 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-12 22:45 - 2015-01-13 18:45 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-12 22:45 - 2015-01-13 18:44 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-12 22:45 - 2015-01-13 18:44 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-12 22:45 - 2015-01-13 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-12 22:45 - 2015-01-13 17:51 - 12371456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-12 22:45 - 2015-01-13 17:42 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-12 22:45 - 2015-01-13 17:41 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-12 22:45 - 2015-01-13 17:40 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-12 22:45 - 2015-01-13 17:40 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-12 22:45 - 2015-01-13 17:40 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-12 22:45 - 2015-01-13 17:40 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-12 22:45 - 2015-01-13 17:40 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-12 22:44 - 2015-01-13 18:59 - 10924032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-12 22:44 - 2015-01-13 18:59 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-02-12 22:44 - 2015-01-13 18:49 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-12 22:44 - 2015-01-13 18:47 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-12 22:44 - 2015-01-13 18:47 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-02-12 22:44 - 2015-01-13 18:46 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-12 22:44 - 2015-01-13 18:46 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-12 22:44 - 2015-01-13 18:45 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-12 22:44 - 2015-01-13 18:44 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-02-12 22:44 - 2015-01-13 18:44 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-02-12 22:44 - 2015-01-13 18:44 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-02-12 22:44 - 2015-01-13 17:49 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-02-12 22:44 - 2015-01-13 17:46 - 09742336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-12 22:44 - 2015-01-13 17:43 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-12 22:44 - 2015-01-13 17:42 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-12 22:44 - 2015-01-13 17:41 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-12 22:44 - 2015-01-13 17:41 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-12 22:44 - 2015-01-13 17:41 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-02-12 22:44 - 2015-01-13 17:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-12 22:44 - 2015-01-13 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-12 22:44 - 2015-01-13 17:40 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-02-12 22:44 - 2015-01-13 17:40 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-02-12 22:44 - 2015-01-13 17:40 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-02-12 22:43 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-12 22:43 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-12 22:43 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-12 22:43 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-12 22:43 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-12 22:43 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-12 22:43 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-12 22:43 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-12 22:43 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-12 22:42 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-12 15:09 - 2015-02-12 15:09 - 00001032 _____ () C:\Users\rbrinega.ORADEV\Documents\Expense Report W40734405 pre.log
2015-02-09 19:41 - 2015-02-09 19:41 - 00001030 _____ () C:\Users\rbrinega.ORADEV\Documents\View Role_ LIBERTE_OPER - Oracle Enterprise Manager.log
2015-02-08 13:21 - 2015-02-08 13:22 - 93427112 _____ (Oracle Corporation) C:\Users\rbrinega.ST-USERS\Downloads\jre-8u31-windows-x64.exe
2015-02-06 18:01 - 2015-02-06 18:01 - 00000218 _____ () C:\Users\rbrinega.ORADEV\.recently-used.xbel
2015-02-06 09:49 - 2013-06-04 17:00 - 00022909 _____ () C:\Users\rbrinega.ORADEV\Documents\grep-v2
2015-02-06 09:30 - 2015-02-06 09:30 - 00001787 _____ () C:\Users\rbrinega.ORADEV\Desktop\Zoom.lnk
2015-02-06 09:30 - 2015-02-06 09:30 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Zoom
2015-02-06 09:30 - 2015-02-06 09:30 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2015-02-06 09:29 - 2015-02-06 09:29 - 00133528 _____ (Zoom Video Communications, Inc.) C:\Users\rbrinega.ST-USERS\Downloads\Zoom_launcher.exe
2015-02-04 16:20 - 2015-02-04 16:20 - 01062496 _____ () C:\Users\rbrinega.ST-USERS\Downloads\108012__ryansnook__klaxon4.wav
2015-02-04 09:30 - 2014-03-17 11:48 - 01943329 _____ () C:\Users\rbrinega.ORADEV\Documents\EM12.1.0.4-MonitoringEnhancements4.pptx
2015-02-03 04:50 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-02-03 04:50 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-02-02 13:57 - 2015-02-02 13:57 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Deployment
2015-02-02 13:56 - 2015-02-02 13:56 - 00009004 _____ () C:\Users\rbrinega.ST-USERS\Downloads\RightNow.Installer.application
2015-01-29 18:35 - 2015-01-29 18:35 - 00001075 _____ () C:\Users\rbrinega.ORADEV\Documents\Provider Lookup Online.log
2015-01-26 15:31 - 2015-01-26 15:34 - 85912186 _____ () C:\Users\rbrinega.ST-USERS\Downloads\apex_4.2.6_en.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 18:17 - 2011-08-05 10:29 - 00001552 _____ () C:\windows\system32\config\netlogon.ftl
2015-02-23 18:12 - 2014-12-31 12:01 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 18:12 - 2014-11-07 15:56 - 00000600 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\PUTTY.RND
2015-02-23 18:12 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\.purple
2015-02-23 17:48 - 2014-03-17 17:33 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 17:28 - 2011-04-15 01:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-23 17:27 - 2014-11-14 13:47 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA.job
2015-02-23 17:01 - 2011-08-05 12:18 - 00000000 ____D () C:\Users\rbrinega
2015-02-23 17:01 - 2011-08-05 11:25 - 00000000 ____D () C:\Users\support
2015-02-23 16:58 - 2011-04-15 01:17 - 00000000 ____D () C:\Program Files\Java
2015-02-23 16:57 - 2014-07-22 20:39 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-23 16:57 - 2014-07-22 20:39 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-23 16:57 - 2011-04-15 01:17 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-23 15:47 - 2011-08-05 10:29 - 01088457 _____ () C:\windows\WindowsUpdate.log
2015-02-23 10:27 - 2014-10-16 13:09 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649.job
2015-02-23 10:07 - 2009-07-13 20:45 - 00029936 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 10:07 - 2009-07-13 20:45 - 00029936 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 09:28 - 2014-11-07 14:43 - 00000000 ____D () C:\Program Files\Profile Copier
2015-02-23 09:27 - 2014-12-31 12:01 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 09:27 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-23 09:27 - 2009-07-13 20:51 - 00086576 _____ () C:\windows\setupact.log
2015-02-23 09:26 - 2010-11-20 19:47 - 00497132 _____ () C:\windows\PFRO.log
2015-02-21 15:11 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\Offline Web Pages
2015-02-21 01:48 - 2014-03-17 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-21 01:48 - 2014-03-17 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-21 01:48 - 2014-03-17 17:33 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-20 16:36 - 2014-11-07 15:55 - 00000600 _____ () C:\Users\rbrinega.ORADEV\PUTTY.RND
2015-02-19 21:13 - 2014-12-31 12:03 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 17:52 - 2014-11-07 15:55 - 00002603 _____ () C:\Users\rbrinega.ORADEV\Desktop\Google Chrome.lnk
2015-02-19 14:21 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2015-02-19 12:34 - 2009-07-13 20:45 - 00400120 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-19 12:31 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-19 12:30 - 2013-08-07 13:52 - 00000000 ____D () C:\Users\rbrinega.ST-USERS\Documents\SQLDev Stuff
2015-02-16 16:07 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\SQL Developer
2015-02-15 07:50 - 2014-11-07 15:55 - 00002390 _____ () C:\Users\rbrinega.ORADEV\Desktop\Cisco Click to Call.lnk
2015-02-15 07:50 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Click to Call
2015-02-13 16:50 - 2014-11-07 16:18 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\SQLDev Stuff
2015-02-12 15:09 - 2014-11-07 15:56 - 00006809 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\PrimoPDFSet.xml
2015-02-08 13:26 - 2014-11-07 15:51 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Adobe
2015-02-08 13:23 - 2014-02-18 10:09 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-02-08 13:23 - 2013-02-07 14:41 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-02-08 13:23 - 2013-02-07 14:41 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-02-08 13:14 - 2009-07-13 21:13 - 00726444 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-06 18:01 - 2014-11-07 15:51 - 00000000 ____D () C:\Users\rbrinega.ORADEV
2015-02-05 14:46 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\gtk-2.0
2015-02-05 01:07 - 2014-12-31 12:01 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 01:07 - 2014-12-31 12:01 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 10:22 - 2014-11-14 13:47 - 00003914 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA
2015-02-04 10:22 - 2014-11-14 13:47 - 00003518 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649
2015-02-03 13:55 - 2013-05-13 11:26 - 00000135 _____ () C:\windows\SysWOW64\WebPageInfo.txt
2015-02-03 13:55 - 2011-05-05 10:44 - 00000151 _____ () C:\windows\RSMInst.log
2015-02-02 13:57 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Apps\2.0
2015-02-02 05:30 - 2011-04-15 01:45 - 00143552 _____ (McAfee, Inc.) C:\windows\SysWOW64\KevlarSigs.dll
2015-01-28 15:39 - 2013-03-06 09:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-28 14:00 - 2014-11-07 15:56 - 00003135 _____ () C:\Users\rbrinega.ORADEV\Downloads\untitled.txt

==================== Files in the root of some directories =======

2015-02-23 09:19 - 2015-02-23 09:19 - 6111012 _____ () C:\Program Files (x86)\delme.zip
2014-11-07 15:56 - 2015-02-12 15:09 - 0006809 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\PrimoPDFSet.xml
2015-02-20 16:12 - 2015-02-20 16:12 - 0000046 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\WB.CFG
2014-11-07 15:56 - 2015-02-23 18:12 - 0000600 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\PUTTY.RND
2014-11-07 15:56 - 2012-07-02 08:41 - 0007627 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\Resmon.ResmonCfg
2012-04-21 21:44 - 2012-04-21 21:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-28 12:10 - 2013-06-28 12:10 - 0002082 _____ () C:\ProgramData\regid.2002-12.it.k-sol,projectreader_ADBA5736-2070-4B17-8489-5EE61980C4CE.swidtag
2011-09-23 14:44 - 2011-09-23 14:44 - 0001160 _____ () C:\ProgramData\tmp2B2D.log
2011-09-23 14:44 - 2011-09-23 14:44 - 0512078 _____ () C:\ProgramData\tmp2B2D.tmp
2011-09-23 14:39 - 2011-09-23 14:39 - 0001152 _____ () C:\ProgramData\tmp836A.log
2011-09-23 14:39 - 2011-09-23 14:39 - 0431498 _____ () C:\ProgramData\tmp836A.tmp

Some content of TEMP:
====================
C:\Users\rbrinega\AppData\Local\Temp\CFGDOM.exe
C:\Users\rbrinega\AppData\Local\Temp\rebootnt.exe
C:\Users\rbrinega.ORADEV\AppData\Local\Temp\inetutil.dll
C:\Users\rbrinega.ORADEV\AppData\Local\Temp\optprosetup.exe
C:\Users\rbrinega.ORADEV\AppData\Local\Temp\q8hd4pgd.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\20130918095327393jniverify.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\CSDJavaInstaller.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\DocumentFormat.OpenXml.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\i4jdel0.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Core.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Security.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.SwingAWT.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Text.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Util.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.XML.API.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.XML.Bind.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.Runtime.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\InstallAX_11_7_700_202.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\InstallPlugin_11_7_700_202.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.EnterpriseLibrary.Common.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.EnterpriseLibrary.Logging.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.ServiceLocation.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.Unity.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.Unity.Interception.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\mpxj.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\poi-3.6-20091214.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\ProjectLibrary.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\ProjectViewer.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\pslist.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Ricciolo.Controls.TreeListView.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\System.Windows.Interactivity.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\unzip.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\WPFToolkit.Extended.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:23

==================== End Of Log ============================

 

 


Addition.txt will follow because I got a message too long...

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by rbrinega at 2015-02-23 18:22:50
Running from C:\Users\rbrinega.ORADEV\Documents\frst
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\{A37E9FA0-00FE-479D-9F62-E6E3DBA51D29}) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlackBerry USB and Modem Drivers 5.0.1 (HKLM-x32\...\BlackBerry_{F0702481-3E9C-4844-8355-B8D0439E9793}) (Version: 5.0.1.37 - Research In Motion Ltd.)
BlackBerry USB and Modem Drivers 5.0.1 (x32 Version: 5.0.1.37 - Research In Motion Ltd.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cisco Click to Call (HKLM\...\{4ED9D5AF-FE16-4CBA-805C-8D0C47F83E7F}) (Version: 8.0.2591 - Cisco Systems, Inc.)
Cisco Click to Call (HKLM-x32\...\Cisco Click to Call) (Version:  - )
Cisco IP Communicator (HKLM-x32\...\Cisco IP Communicator) (Version:  - )
Cisco IP Communicator (x32 Version: 7.0.5.4 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco VPN Client 5.0.07.0290 (HKLM-x32\...\Cisco VPN Client 5.0.07.0290) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CMD Prompt Here as Administrator PowerToy v1.0.2 (Uninstall only) (HKLM\...\CmdHereAsAdmin) (Version: 1.0.2 - )
CMD Prompt Here PowerToy v1.0.3 (Uninstall only) (HKLM\...\CmdHere) (Version: 1.0.3 - )
ColorClix version 3.0 (HKLM-x32\...\{1103541B-697C-492A-B6D6-3BEBC7C5CCAD}_is1) (Version: 3.0 - Olympic)
CrashPlan (HKLM\...\{3DC18F22-3F80-427A-B2A1-2B2E9E0986B8}) (Version: 3.5.3 - CrashPlan)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.114 - ALPS ELECTRIC CO., LTD.)
Development Base Image (HKLM-x32\...\Development Base Image) (Version: 7.1.00.0 - Product Development Desktop Support)
FileLocator Lite 2010 (64-bit) (HKLM\...\FileLocator Lite (64-bit)_is1) (Version:  - )
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
FTP Site Manager (HKLM-x32\...\FTP Site Manager) (Version:  - )
Git version 1.7.9-preview20120201 (HKLM-x32\...\Git_is1) (Version: 1.7.9-preview20120201 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GTK+ Runtime 2.14.7 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version:  - )
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP Officejet 6600 Basic Device Software (HKLM\...\{AEC699FC-F916-46A0-B15E-70EF1534AE93}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)
HyperSnap 6 (HKLM-x32\...\HyperSnap 6) (Version: 5 - Hyperionics Technology LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075F0}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 6 Update 27 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160270}) (Version: 1.6.0.270 - Oracle)
Lexmark 4200 Series (HKLM\...\Lexmark 4200 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{0F9C79D3-14FA-4750-979D-2C966F1E5CE6}) (Version: 4.8.0.1605 - McAfee, Inc.)
McAfee Host Intrusion Prevention (HKLM-x32\...\{B332732A-4958-41DD-B439-DDA2D32753C5}) (Version: 7.00.0800 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
McAfee SiteAdvisor Enterprise Plus (HKLM-x32\...\{00FC3F65-86EB-475E-881F-A5B1CF731320}) (Version: 3.0.0.561 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Viewer (HKLM-x32\...\Microsoft Visio Viewer) (Version:  - )
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 31.4.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.4.0 ESR (x86 en-US)) (Version: 31.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
Network Recording Player (HKLM-x32\...\{2B53190C-E53E-4736-9E13-395741415991}) (Version: 2.29.3100 - Cisco WebEx LLC)
Opera 11.64 (HKLM-x32\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
Oracle Beehive Conferencing (HKLM-x32\...\{4A8ABF7C-0DBB-41D9-8456-9CFC16F9B4BA}) (Version: 1.4 - Oracle Corporation)
Oracle Beehive Extensions for Explorer (HKLM\...\{1FC44441-92DD-4C16-AA0E-D5781A8E323C}) (Version: 2.0.1.7 - Oracle Corporation)
Oracle Content Server - Desktop Integration Suite (HKLM\...\{E9B67598-4F17-4E38-A863-838AC35CA847}) (Version: 11.1.4 - Oracle)
Oracle Data Protection 1.8.0.0 (HKLM-x32\...\Oracle Data Protection 1.8.0.0) (Version:  - )
Oracle Online Assistance (HKLM-x32\...\Oracle Online Assistance) (Version:  - )
Oracle Open Office 3.3 (HKLM-x32\...\{C939ED08-0089-4D96-A421-7179EB8C459D}) (Version: 3.3.9552 - Oracle)
Paperless Converter version 5.0.0.92 (HKLM-x32\...\Paperless Converter_is1) (Version: 5.0.0.92 - Rarefind Engineering Innovations Pvt. Ltd.)
Paperless Printer version 5.1.0.16 (HKLM-x32\...\Paperless Printer_is1) (Version: 5.1.0.16 - Rarefind Engineering Innovations Pvt. Ltd.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
PrimoPDF (HKLM-x32\...\PrimoPDF4.1.0.9) (Version: 4.1.0.9 - activePDF)
Profile Copier 3.0 (HKLM-x32\...\ProfileCopier) (Version:  - )
ProjectReader (HKLM-x32\...\{9ACD9F21-CA0A-4E08-B54B-EB39CAA0D42B}) (Version: 4.06.0000 - K-SOL S.r.l.)
PuTTY .60 with WinSCP4 (HKLM-x32\...\PuTTY .60 with WinSCP4) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer Enterprise (HKLM-x32\...\RealPlayer 6.0) (Version:  - RealNetworks)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Softerra LDAP Browser 4.5 (HKLM-x32\...\{5A3B2909-0CF3-4F8A-95AB-0A00222DCAA3}) (Version: 4.5.10625.0 - Softerra, Ltd.)
Tether 1.4.3.7 (HKLM-x32\...\{2863C12B-2A02-4258-8495-6220605B2E5C}_is1) (Version:  - Tether)
TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
ViewletBuilder6 Professional (HKLM-x32\...\ViewletBuilder6 Professional) (Version:  - Qarbon)
ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.14 - HTC)
WSE_Binkiland (HKLM-x32\...\WSE_Binkiland) (Version:  - WSE_Binkiland) <==== ATTENTION!
Zoom (HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

13-02-2015 10:00:19 Windows Update
15-02-2015 07:49:27 Installed Cisco Click to Call.
21-02-2015 10:00:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-06-19 02:16 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00748E8D-FA66-4CFA-A0DE-4810695DB941} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649 => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {234859C9-FB16-435D-9D6A-5627E1EF2AF8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe <==== ATTENTION
Task: {4DD9F8A2-8E2F-472E-8F13-47BD89A970F1} - System32\Tasks\Oracle\Synctime => C:\ProgramData\Oracle\Baseimage\synctime.exe [2003-04-07] ()
Task: {9B6E5F0D-82ED-4120-96B5-1D14C4345B03} - System32\Tasks\{5B80D250-0972-4CAB-A3D6-4D923F76DD18} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {AE6FAAE4-E128-4B58-B071-AD1460C77042} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {BB8D80CA-86B4-43BC-B42C-5110721A27C1} - System32\Tasks\{452F4E93-9543-4221-8569-4128FFE851B0} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {C3023ADB-4D1F-40D8-9CD4-1425724B43DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {C42BA7E9-A1F3-451B-BA57-49BA6A778A61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {D34795C5-B4D4-4746-9C6F-AD9FEDE665C8} - System32\Tasks\{4ADF3BCE-D1AC-4CAC-93A2-8FF735758716} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {DF206FEE-8787-46CA-8B4A-86FA02BBD9D9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-21] (Adobe Systems Incorporated)
Task: {FFEC9679-1A2E-420C-8634-36FE03D86E69} - System32\Tasks\{0C968383-0F36-48FC-AD76-6FC2155CC4F8} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.115&LastError=12031
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cf8adf35b1ae61.job => C:\Users\rbrinega.ST-USERS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649.job => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA.job => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-04-15 01:32 - 2006-11-06 14:55 - 00090624 _____ () C:\windows\System32\Primomonnt.dll
2012-04-24 16:05 - 2012-03-29 09:58 - 00019456 _____ () C:\windows\system32\spool\PRTPROCS\x64\QWritex64.dll
2013-04-08 15:42 - 2013-04-08 15:42 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-11-26 19:23 - 2014-11-26 19:23 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2011-11-21 21:13 - 2011-09-29 13:29 - 00050416 _____ () C:\Program Files (x86)\Tether\TBService.exe
2010-10-15 18:08 - 2010-10-15 18:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-08-05 13:06 - 2011-02-21 11:14 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-05 10:23 - 2010-12-17 09:24 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-02-25 10:58 - 2011-02-25 10:58 - 00050600 _____ () C:\Program Files (x86)\Cisco Systems\Click to Call\main\exe\Cisco.ClickToCall.Common.WebDialer.XmlSerializers.dll
2014-06-10 19:34 - 2014-06-10 19:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-02-20 15:11 - 2015-02-20 15:11 - 01652280 _____ () c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2010-11-25 02:12 - 2011-04-15 01:24 - 00985088 _____ () C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\libxml2.dll
2015-01-14 10:27 - 2015-01-14 10:27 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-14 10:27 - 2015-01-14 10:27 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 10:27 - 2015-01-14 10:27 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-14 09:10 - 2015-01-14 09:10 - 03789936 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-23 16:57 - 2015-02-23 16:57 - 00018856 _____ () C:\Program Files (x86)\Java\jre1.7.0_75\bin\jp2native.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\ACTION REQUIRED EM Alert  CRITICAL  gsi1av_security_login.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\EM Incident  Critical New  - Internal error detected  java.util.NoSuchElementException java.util.StringTokenizer 332 oracle.sysman.gcagent.addon.plugin.beacon.fetchlet.urltiming.HTMLParser 1555..eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Found too many alerts triggered in EMCC on  Sep 18, 2014.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Fwd  Final Notice  Cleanup of BugDB Generic Accounts owned by Email - NARASIMHA.GOGINENI@oracle.com.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Fwd  SR 3-6662739331 1 Review Update FATAL   Target(s) with Subscription ID152744 are DOWN.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Issues with OID We had a few login issues when attempting to log into EMCC OMS..eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\ODCS  (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 4_51AM.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\ODCS  (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 8_20AM.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Outage Notification  MyHelp System Will Be Unavailable - MyHelp Production upcoming Outage Notification. 02-May-2014 21 00 to 03-May-2014 05 00.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Please Read   Recently Scanned Expense Report.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  ACTION REQUIRED EM Alert  CRITICAL  slciafu.us.oracle.com 41830 - Host is Unreachable.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  ACTION REQUIRED EM Alert  CRITICAL  us2jcsr3080059.usdc2.oraclecloud.com 3872 - Agent is Unreachable.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  Bug# 17759430 - SR'S ARE NOT GETTING CLEARED EVEN THOUGH UNDERLYING ALERTS GET CLEARED.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  devcc.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  EM Metric Extension for EXA IB switches.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  Found too many alerts triggered in EMCC on  Sep 16, 2014.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  List of EM Cloud Hosts.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  MyHelp AutoSR2 Unplanned outage Notification.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  MyHelp CRMOD - autoSR2 and Category Link not working.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  SMS server upgrade.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re  Testing AutoSR3.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re_ auto sr's not closing.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Richards Dell E6420 Laptop.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\SR 497386-544365241.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\SR 497386-614629042  Set up firewall from adsdx0013.oracleads.com and adsdx0014.oracleads.com to  autosr2-prod.oraclecorp.com 443 as is set up for adsdx0009.oracleads.com and adsdx0010.oracleads.com.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\SR 497386-614629042.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ORADEV\Documents\Fwd  Re  Fwd  Re  Fwd  Master _ Shared agents upgrade to PS2 PDIT UPGRADE.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\ACTION REQUIRED EM Alert  CRITICAL  gsi1av_security_login.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Found too many alerts triggered in EMCC on  Sep 18, 2014.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Fwd  SR 3-6662739331 1 Review Update FATAL   Target(s) with Subscription ID152744 are DOWN.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Issues with OID We had a few login issues when attempting to log into EMCC OMS..eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\ODCS  (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 4_51AM.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\ODCS  (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 8_20AM.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Outage Notification  MyHelp System Will Be Unavailable - MyHelp Production upcoming Outage Notification. 02-May-2014 21 00 to 03-May-2014 05 00.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Please Read   Recently Scanned Expense Report.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  ACTION REQUIRED EM Alert  CRITICAL  slciafu.us.oracle.com 41830 - Host is Unreachable.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  Bug# 17759430 - SR'S ARE NOT GETTING CLEARED EVEN THOUGH UNDERLYING ALERTS GET CLEARED.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  devcc.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  EM Metric Extension for EXA IB switches.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  List of EM Cloud Hosts.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  MyHelp AutoSR2 Unplanned outage Notification.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re  SMS server upgrade.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re_ auto sr's not closing.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\SR 497386-544365241.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\SR 497386-614629042  Set up firewall from adsdx0013.oracleads.com and adsdx0014.oracleads.com to  autosr2-prod.oraclecorp.com 443 as is set up for adsdx0009.oracleads.com and adsdx0010.oracleads.com.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\SR 497386-614629042.eml:OECustomProperty
AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Documents\Fwd  Re  Fwd  Re  Fwd  Master _ Shared agents upgrade to PS2 PDIT UPGRADE.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Control Panel\Desktop\\Wallpaper -> C:\Users\rbrinega.ST-USERS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 198.17.210.130 - 144.24.23.18

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2378886259-4119765314-3931536290-500 - Administrator - Disabled)
Guest (S-1-5-21-2378886259-4119765314-3931536290-501 - Limited - Disabled)
rbrinega (S-1-5-21-2378886259-4119765314-3931536290-1001 - Administrator - Enabled) => C:\Users\rbrinega
support (S-1-5-21-2378886259-4119765314-3931536290-1000 - Administrator - Enabled) => C:\Users\support

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Tether Ethernet Adapter
Description: Tether Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Tether
Service: qrkis
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 09:28:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 03:12:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 05:58:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 00:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 08:23:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc015000f
Fault offset: 0x00084671
Faulting process id: 0x6648
Faulting application start time: 0xConferencing.exe0
Faulting application path: Conferencing.exe1
Faulting module path: Conferencing.exe2
Report Id: Conferencing.exe3

Error: (02/13/2015 09:55:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc015000f
Fault offset: 0x00084671
Faulting process id: 0x3460
Faulting application start time: 0xConferencing.exe0
Faulting application path: Conferencing.exe1
Faulting module path: Conferencing.exe2
Report Id: Conferencing.exe3

Error: (02/08/2015 01:10:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 03:56:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc015000f
Fault offset: 0x00084671
Faulting process id: 0x7d40
Faulting application start time: 0xConferencing.exe0
Faulting application path: Conferencing.exe1
Faulting module path: Conferencing.exe2
Report Id: Conferencing.exe3

Error: (01/30/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc015000f
Fault offset: 0x00084671
Faulting process id: 0x5d50
Faulting application start time: 0xConferencing.exe0
Faulting application path: Conferencing.exe1
Faulting module path: Conferencing.exe2
Report Id: Conferencing.exe3

Error: (01/23/2015 10:22:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Oracle Beehive Conferencing because of this error.

Program: Oracle Beehive Conferencing
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0


System errors:
=============
Error: (02/23/2015 06:15:02 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ORADEV)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (02/23/2015 06:12:58 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (02/23/2015 09:29:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error: (02/23/2015 09:28:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x8007041d

Error: (02/23/2015 09:28:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/23/2015 09:28:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053

Error: (02/23/2015 09:28:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

Error: (02/23/2015 09:27:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The McAfee SiteAdvisor Enterprise Service service terminated with the following error:
%%-2147467243

Error: (02/23/2015 09:27:28 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ORADEV)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (02/23/2015 09:27:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.


Microsoft Office Sessions:
=========================
Error: (02/23/2015 09:28:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 03:12:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 05:58:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 00:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 08:23:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f00084671664801d04c5525c2b8cdC:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dlla162d14b-b853-11e4-85ad-9cb70dee2573

Error: (02/13/2015 09:55:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f00084671346001d047ae305f06ccC:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dll7f6153d0-b3a9-11e4-85ad-9cb70dee2573

Error: (02/08/2015 01:10:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 03:56:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f000846717d4001d0400ac7f0d517C:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dll42a128c0-ac00-11e4-9bfd-9cb70dee2573

Error: (01/30/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f000846715d5001d03ca646ab6023C:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dll489d821d-a8a1-11e4-9bfd-9cb70dee2573

Error: (01/23/2015 10:22:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Oracle Beehive Conferencing000000000


CodeIntegrity Errors:
===================================
  Date: 2014-07-13 13:55:44.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:44.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:44.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:44.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:38.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:38.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:38.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-13 13:55:38.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8072.93 MB
Available physical RAM: 4586.07 MB
Total Pagefile: 16144.05 MB
Available Pagefile: 12751.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:20.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:187.11 GB) (Free:173.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 91EE639D)
Partition 1: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=187.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Staff

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



 
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
