[mewsick75]

I though I originally had a Graphix card issue so I posted in the Operating System category.  After talking with one of the techs they didn't rule out this issue being a Virus.  I ran Malware Bytes and it found over 700 instances on my machine.  I need need help now just making sure that the thing is clean.  Any help would be appreciated.

[Advertisements]

Hi. My name is Brian, and I will be helping you with Malware Removal. I would be happy to check your machine out for you.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performaning any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

 

 

 

- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Step#1 - Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 

 

Items for your next post

1. FRST log and Addition log

[BrianDrab]

Hi. My name is Brian, and I will be helping you with Malware Removal. I would be happy to check your machine out for you.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performaning any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

 

 

 

- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Step#1 - Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 

 

Items for your next post

1. FRST log and Addition log

[mewsick75]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Eve (administrator) on EVE-PC on 04-09-2014 09:35:50
Running from C:\Users\Eve\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell) C:\Users\Eve\AppData\Local\Apps\2.0\3LETX4BE.G33\BMG2AE90.0YM\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\imstrayicon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3004046012-2611642675-55135887-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-3004046012-2611642675-55135887-1001\...\Run: [DellSystemDetect] => C:\Users\Eve\AppData\Local\Apps\2.0\3LETX4BE.G33\BMG2AE90.0YM\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-29] (Dell)
HKU\S-1-5-21-3004046012-2611642675-55135887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-3004046012-2611642675-55135887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSystemDetect] => C:\Users\Eve\AppData\Local\Apps\2.0\3LETX4BE.G33\BMG2AE90.0YM\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-29] (Dell)
HKU\S-1-5-21-3004046012-2611642675-55135887-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3004046012-2611642675-55135887-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-24] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...referrer:source?}
SearchScopes: HKLM - {46A22C42-4C30-4541-90DC-7EADB79508EE} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {46A22C42-4C30-4541-90DC-7EADB79508EE} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {46A22C42-4C30-4541-90DC-7EADB79508EE} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {46A22C42-4C30-4541-90DC-7EADB79508EE} URL =
SearchScopes: HKCU - {7BC07AF8-8B76-4E87-A142-CE048B29BA16} URL = http://www.mysearchr...&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg....pr&d=2012-05-16 20:19:04&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 4.2.2.2 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Eve\AppData\Roaming\Mozilla\Firefox\Profiles\i7hinpai.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Eve\AppData\Roaming\Mozilla\Firefox\Profiles\i7hinpai.default\Extensions\[email protected] [2014-08-13]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel® Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 09:35 - 2014-09-04 09:35 - 00016888 _____ () C:\Users\Eve\Desktop\FRST.txt
2014-09-04 09:35 - 2014-09-04 09:35 - 00000000 ____D () C:\FRST
2014-09-04 09:33 - 2014-09-04 09:33 - 02104832 _____ (Farbar) C:\Users\Eve\Desktop\FRST64.exe
2014-09-02 11:52 - 2014-09-02 11:52 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-02 11:52 - 2014-05-21 00:33 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2014-09-02 11:52 - 2014-05-21 00:33 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2014-09-02 11:42 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-09-02 11:42 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-09-02 11:40 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-09-02 11:40 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-09-02 11:40 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-09-02 11:40 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-09-02 11:36 - 2014-08-06 18:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-02 11:36 - 2014-08-02 01:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-02 11:35 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-09-02 11:22 - 2014-09-02 11:22 - 00016244 _____ () C:\WINDOWS\system32\results.xml
2014-09-02 11:03 - 2014-09-04 09:28 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 11:03 - 2014-09-02 11:03 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-02 11:03 - 2014-09-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-02 11:03 - 2014-09-02 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 11:03 - 2014-09-02 11:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-02 11:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-02 11:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-02 11:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-29 13:00 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-29 13:00 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 11:31 - 2014-08-29 11:31 - 00010595 _____ () C:\Users\Eve\Downloads\dellsystemdetect.application
2014-08-29 11:30 - 2014-08-29 11:42 - 00000000 ____D () C:\Users\Eve\AppData\Local\Deployment
2014-08-29 11:30 - 2014-08-29 11:30 - 00417824 _____ () C:\Users\Eve\Downloads\DellSystemDetect.exe
2014-08-29 11:30 - 2014-08-29 11:30 - 00000000 ____D () C:\Users\Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-29 11:07 - 2014-05-21 00:33 - 00031408 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 09007616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 00441888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-08-29 11:07 - 2012-10-15 16:09 - 00441856 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 00440320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00432128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00431104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00429056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00428544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00410624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 00386048 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 00330240 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-08-29 11:07 - 2012-10-15 16:09 - 00142336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2014-08-29 11:07 - 2012-10-15 16:09 - 00028672 _____ (Intel Corporation) C:\WINDOWS\system32\SET19D2.tmp
2014-08-29 11:07 - 2012-10-15 16:09 - 00009728 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2014-08-29 11:07 - 2012-10-15 16:08 - 00399392 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-08-29 11:07 - 2012-10-15 16:08 - 00223233 _____ () C:\WINDOWS\system32\Gfxres.th-TH.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00209727 _____ () C:\WINDOWS\system32\Gfxres.el-GR.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00193862 _____ () C:\WINDOWS\system32\Gfxres.ru-RU.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00173568 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2014-08-29 11:07 - 2012-10-15 16:08 - 00165865 _____ () C:\WINDOWS\system32\Gfxres.ar-SA.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00163120 _____ () C:\WINDOWS\system32\Gfxres.ja-JP.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00158727 _____ () C:\WINDOWS\system32\Gfxres.he-IL.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00149390 _____ () C:\WINDOWS\system32\Gfxres.it-IT.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00147759 _____ () C:\WINDOWS\system32\Gfxres.ko-KR.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00147101 _____ () C:\WINDOWS\system32\Gfxres.de-DE.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00147010 _____ () C:\WINDOWS\system32\Gfxres.es-ES.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00145715 _____ () C:\WINDOWS\system32\Gfxres.ro-RO.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00145211 _____ () C:\WINDOWS\system32\Gfxres.fr-FR.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00144378 _____ () C:\WINDOWS\system32\Gfxres.tr-TR.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00143976 _____ () C:\WINDOWS\system32\Gfxres.pt-BR.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00143730 _____ () C:\WINDOWS\system32\Gfxres.nl-NL.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00143657 _____ () C:\WINDOWS\system32\Gfxres.hu-HU.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00142990 _____ () C:\WINDOWS\system32\Gfxres.pt-PT.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00142617 _____ () C:\WINDOWS\system32\Gfxres.sv-SE.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00142423 _____ () C:\WINDOWS\system32\Gfxres.pl-PL.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00142008 _____ () C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00141739 _____ () C:\WINDOWS\system32\Gfxres.fi-FI.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00141574 _____ () C:\WINDOWS\system32\Gfxres.sk-SK.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00140779 _____ () C:\WINDOWS\system32\Gfxres.hr-HR.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00137621 _____ () C:\WINDOWS\system32\Gfxres.sl-SI.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00137534 _____ () C:\WINDOWS\system32\Gfxres.nb-NO.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00136873 _____ () C:\WINDOWS\system32\Gfxres.da-DK.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00132360 _____ () C:\WINDOWS\system32\Gfxres.en-US.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00126035 _____ () C:\WINDOWS\system32\Gfxres.zh-TW.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00124403 _____ () C:\WINDOWS\system32\Gfxres.zh-CN.resources
2014-08-29 11:07 - 2012-10-15 16:08 - 00110592 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2014-08-29 10:46 - 2014-08-29 10:46 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-08-29 10:43 - 2014-08-29 10:43 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-08-29 10:17 - 2014-08-29 10:17 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-08-25 14:12 - 2014-08-25 14:12 - 00000137 _____ () C:\Users\Eve\Desktop\New Internet Shortcut.url
2014-08-24 11:17 - 2014-08-24 11:17 - 00013824 _____ () C:\Users\Eve\Downloads\My Portfolio.xls
2014-08-24 11:12 - 2014-08-24 11:12 - 00001932 _____ () C:\Users\Eve\Downloads\My Portfolio.txt
2014-08-24 10:29 - 2014-08-24 11:17 - 00001073 _____ () C:\Users\Eve\Downloads\My Portfolio.csv
2014-08-23 11:17 - 2014-08-23 11:17 - 00000397 _____ () C:\Users\Eve\Desktop\My Portfolios - DailyFinance#-prelanding.website
2014-08-19 10:08 - 2014-08-19 10:08 - 00381400 _____ () C:\Users\Eve\Documents\Gmail - Microsoft account security info.oxps
2014-08-13 10:37 - 2014-08-13 10:37 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 09:35 - 2014-09-04 09:35 - 00016888 _____ () C:\Users\Eve\Desktop\FRST.txt
2014-09-04 09:35 - 2014-09-04 09:35 - 00000000 ____D () C:\FRST
2014-09-04 09:34 - 2013-11-05 15:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-04 09:33 - 2014-09-04 09:33 - 02104832 _____ (Farbar) C:\Users\Eve\Desktop\FRST64.exe
2014-09-04 09:31 - 2013-08-27 11:12 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{46D3F078-1657-4380-A6A8-AB87AC8F09EB}
2014-09-04 09:28 - 2014-09-02 11:03 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 00:16 - 2014-04-08 14:31 - 01792295 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-04 00:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-02 12:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-02 11:56 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-02 11:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-02 11:53 - 2014-07-20 10:40 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-02 11:53 - 2013-08-22 10:46 - 00368881 _____ () C:\WINDOWS\setupact.log
2014-09-02 11:52 - 2014-09-02 11:52 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-02 11:52 - 2014-04-08 14:10 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-02 11:45 - 2013-06-19 13:29 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3004046012-2611642675-55135887-1001
2014-09-02 11:34 - 2013-05-16 14:03 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-02 11:32 - 2014-03-24 09:49 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-02 11:32 - 2013-11-14 03:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-02 11:29 - 2014-06-28 22:15 - 00000000 ___RD () C:\Users\Eve\OneDrive
2014-09-02 11:29 - 2014-02-10 15:12 - 00165659 _____ () C:\MyXML.xml
2014-09-02 11:25 - 2013-11-14 03:20 - 00268474 _____ () C:\WINDOWS\PFRO.log
2014-09-02 11:25 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-02 11:22 - 2014-09-02 11:22 - 00016244 _____ () C:\WINDOWS\system32\results.xml
2014-09-02 11:21 - 2013-05-16 14:03 - 00000000 ____D () C:\WINDOWS\eBayDesktopShortcut
2014-09-02 11:03 - 2014-09-02 11:03 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-02 11:03 - 2014-09-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-02 11:03 - 2014-09-02 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 11:03 - 2014-09-02 11:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-02 10:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-29 13:51 - 2013-05-16 13:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-08-29 12:59 - 2013-08-22 10:44 - 00363096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-29 12:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-29 12:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-29 12:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-29 12:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-29 12:47 - 2013-05-16 13:54 - 00000000 ____D () C:\ProgramData\Temp
2014-08-29 11:42 - 2014-08-29 11:30 - 00000000 ____D () C:\Users\Eve\AppData\Local\Deployment
2014-08-29 11:35 - 2014-03-18 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-29 11:31 - 2014-08-29 11:31 - 00010595 _____ () C:\Users\Eve\Downloads\dellsystemdetect.application
2014-08-29 11:30 - 2014-08-29 11:30 - 00417824 _____ () C:\Users\Eve\Downloads\DellSystemDetect.exe
2014-08-29 11:30 - 2014-08-29 11:30 - 00000000 ____D () C:\Users\Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-29 11:08 - 2013-05-16 13:20 - 00000000 ____D () C:\Intel
2014-08-29 11:00 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-29 10:46 - 2014-08-29 10:46 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-08-29 10:43 - 2014-08-29 10:43 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-08-29 10:43 - 2014-04-08 14:19 - 00000000 ____D () C:\Users\Eve
2014-08-29 10:17 - 2014-08-29 10:17 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-08-29 09:53 - 2013-05-16 13:46 - 00000000 ____D () C:\ProgramData\Dell
2014-08-25 14:12 - 2014-08-25 14:12 - 00000137 _____ () C:\Users\Eve\Desktop\New Internet Shortcut.url
2014-08-24 11:17 - 2014-08-24 11:17 - 00013824 _____ () C:\Users\Eve\Downloads\My Portfolio.xls
2014-08-24 11:17 - 2014-08-24 10:29 - 00001073 _____ () C:\Users\Eve\Downloads\My Portfolio.csv
2014-08-24 11:12 - 2014-08-24 11:12 - 00001932 _____ () C:\Users\Eve\Downloads\My Portfolio.txt
2014-08-23 11:17 - 2014-08-23 11:17 - 00000397 _____ () C:\Users\Eve\Desktop\My Portfolios - DailyFinance#-prelanding.website
2014-08-19 10:08 - 2014-08-19 10:08 - 00381400 _____ () C:\Users\Eve\Documents\Gmail - Microsoft account security info.oxps
2014-08-19 10:04 - 2013-08-15 15:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 10:02 - 2013-06-19 15:15 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 10:37 - 2014-08-13 10:37 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2014-08-06 18:38 - 2014-09-02 11:36 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-02 11:45

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Eve at 2014-09-04 09:36:38
Running from C:\Users\Eve\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3349 - AVG Technologies)
AVG 2013 (Version: 13.0.3209 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3349 - AVG Technologies) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}) (Version: 15.5.5.0480 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Optimizer Pro v3.2 (x32 Version:  - ) Hidden <==== ATTENTION
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3004046012-2611642675-55135887-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

18-08-2014 13:04:06 Windows Update
29-08-2014 13:28:14 Windows Update
02-09-2014 15:47:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02D5FC26-8E36-4B68-BAF3-75311218F411} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07FCE676-F6AA-42F1-8CCC-68011AB11A72} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1463C4A3-7786-4408-98C9-DA775C9376DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41510053-D33A-49DC-A4F2-31D0D7EE578F} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4C6DB741-EDDE-453C-8467-2E021BF689EB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {51ED4A6C-EFBE-48FC-AB99-2E8A36324E26} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3004046012-2611642675-55135887-1001
Task: {63A55776-D02B-48F7-9175-570DF8E438DE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {661D9490-4C35-402A-906E-109C13733A46} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {67EB6708-09BD-4C2A-842C-03F222BC8C9E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A676D30-E0D4-483D-98C0-296F62D5B9D4} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {822DAB74-3600-4FD3-9F16-0BD91C2D3221} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {86413FCC-5B74-4343-9C6F-DE22CCF31FD6} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AB9636F-9EB2-4E40-BC06-FC4006A2F381} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {8C7F497F-618F-4838-A60F-25CBCF0FD9FC} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AF8288DF-7160-491B-AAC0-7E85FC362DA2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B03AA59F-F230-4553-ACD3-B704AADB4777} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {C2CC876C-D3CD-4C2A-83F3-A75FEDFEE9A5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2006-12-05 07:09 - 2006-12-05 07:09 - 00022016 _____ () C:\WINDOWS\System32\DELS1L6.DLL
2013-05-16 13:58 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-07-06 13:09 - 2013-04-19 19:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 13:09 - 2013-04-19 19:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-02-10 15:12 - 2013-12-09 17:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-02-10 15:12 - 2013-12-09 17:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-02-10 15:12 - 2013-12-09 17:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-07-03 09:53 - 2014-07-03 09:53 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2014-02-10 15:12 - 2013-12-09 17:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2014-02-10 15:12 - 2013-12-09 17:10 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll
2014-02-10 15:12 - 2013-12-09 17:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2013-05-16 13:47 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-05-16 13:56 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-07-06 13:09 - 2013-05-02 20:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Eve\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Eve\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PCFixSpeed"
HKLM\...\StartupApproved\Run32: => "PCTechHotline"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy EPM Support"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy_39 Browser Plugin Loader 64"
HKCU\...\StartupApproved\Run: => "Optimizer Pro"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 06:14:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: EVE-PC)
Description: App Microsoft.BingFinance_3.0.2.258_x64__8wekyb3d8bbwe+AppexFinance did not launch within its allotted time.

Error: (09/02/2014 11:29:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/02/2014 11:23:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (08/25/2014 02:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x53d22ad9
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000027a4e
Faulting process id: 0x1fe4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (08/25/2014 02:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x53d22ad9
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000027a4e
Faulting process id: 0x2b24
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (08/25/2014 02:07:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (08/24/2014 04:39:07 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/24/2014 04:15:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (08/23/2014 01:35:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (08/23/2014 10:51:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

System errors:
=============
Error: (09/02/2014 11:29:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/02/2014 11:28:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (09/02/2014 11:28:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkAudioService service.

Error: (09/02/2014 11:27:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PcaSvc service.

Error: (09/02/2014 11:23:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/02/2014 11:20:44 AM) (Source: DCOM) (EventID: 10005) (User: EVE-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/02/2014 11:20:44 AM) (Source: DCOM) (EventID: 10005) (User: EVE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/02/2014 11:18:54 AM) (Source: DCOM) (EventID: 10005) (User: EVE-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/02/2014 11:18:54 AM) (Source: DCOM) (EventID: 10005) (User: EVE-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/02/2014 11:18:54 AM) (Source: DCOM) (EventID: 10005) (User: EVE-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Microsoft Office Sessions:
=========================
Error: (09/03/2014 06:14:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: EVE-PC)
Description: Microsoft.BingFinance_3.0.2.258_x64__8wekyb3d8bbwe+AppexFinance

Error: (09/02/2014 11:29:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (09/02/2014 11:23:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/25/2014 02:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1723953d22ad9ntdll.dll6.3.9600.1711453649e73c00000050000000000027a4e1fe401cfc08f5da5fbe0C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dllf08da8ec-2c83-11e4-be89-74867a168951

Error: (08/25/2014 02:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1723953d22ad9ntdll.dll6.3.9600.1711453649e73c00000050000000000027a4e2b2401cfc08faa76314eC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll73f4d6d8-2c83-11e4-be89-74867a168951

Error: (08/25/2014 02:07:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/24/2014 04:39:07 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (08/24/2014 04:15:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/23/2014 01:35:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/23/2014 10:51:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: EVE-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 35%
Total physical RAM: 6013.27 MB
Available physical RAM: 3892.52 MB
Total Pagefile: 7677.27 MB
Available Pagefile: 2015.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.97 GB) (Free:410.32 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 392371DD)

Partition: GPT Partition Type.

==================== End Of Log ============================

[BrianDrab]

Thank you for the logs. I do see some things that need addressed. Please follow the instructions below. Also, can you explain to me what the symptoms were that you were having with your Graphics Card??

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   60bytes   106 downloads

    Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - McAfee Uninstall Tool

There are remnants of Mcafee that need to be cleaned up.

1. Please download the removal tool from here and save it to your desktop.

2. Open up the program and run it and answer all the prompts appropriately to continue.

3. When you see the message CleanUp Successful, restart your computer.

 

Step#3 - AVG Uninstall (Free Version Only)

Are you using AVG free or the paid version? If it's the Free version please follow the steps below. If it's the Paid version let me know before continuing and skip these steps.

1. I see you have a start button from a third party so I'll try to modify instructions accordingly. Click the Start button, choose Control Panel and then Programs and Features.

2. Locate AVG 2013 and click Uninstall to remove it.

3. Reboot once done.

4. Please download the AVG uninstaller for 2013  and save to your Desktop.
5. Right-click on the file and choosing Run as administrator. When asked if you wish to continue please answer Yes. If you are asked to reboot, please do.
6. If you wish to use AVG still go here and click on the Download Now button. Save it to your desktop and install. If you are looking for a suggestion on what to use I would suggest Avast.

    If you decided to stick with AVG, just ensure that you choose Basic Protection when prompted.

    

 

 

  

 

Items for your next post

1. FRST fix log

2. What did you decide with regards to AVG?

3. What were the symptoms you were having with your graphics card?

 

[mewsick75]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Eve at 2014-09-05 10:34:57 Run:1
Running from C:\Users\Eve\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Optimizer Pro v3.2 (x32 Version:  - ) Hidden <==== ATTENTION
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\\SystemComponent => value deleted successfully.

==== End of Fixlog ====

 

 

Havn't decided how I feel about AVG at this point.  I can always make that decision later.

I don't think there is anything wrong with the Graphix card.  I originally thought there was because the screen was black but it turned out to be a virus.

[BrianDrab]

Do you have the free version of AVG? If so did you follow Step#3 above? Just need to confirm.

 

Thanks.

[mewsick75]

yes it was the free version

[BrianDrab]

Great. Did you follow step#3 above? If not please do. Currently your AV is not registering properly with the Security Center and is conflicting with Windows Defender. So we do need to do this. Let's just assume that you will stick with AVG for now.

 

Let me know when that is done and then I can provide you some fixes for your computer.

 

Thank you.

[mewsick75]

I did step #3 here is the log:

 

"Running zap for product code {78B5B205-2F59-4D96-9D83-DEB94CD5229B}:Fri 09/05/2014 11:28:36.90"

C:\Users\Eve\Desktop>C:\Users\Eve\AppData\Local\Temp\avg-c1d58107-e9e5-480b-8575-180dc5ae1c67.exe TW! {78B5B205-2F59-4D96-9D83-DEB94CD5229B} /nologo

***** Zapping data for user S-1-5-18 for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} cached package. . .
   Removed file: C:\Windows\Installer\a2583e7.msi
Searching for install property data for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
   Removed  \502B5B8795F269D4D938ED9BC45D22B9\InstallProperties
Searching for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
   Removed  \{78B5B205-2F59-4D96-9D83-DEB94CD5229B}
Searching user's global config location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
   Removed upgrade code '502B5B8795F269D4D938ED9BC45D22B9' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
   Removed  \Features
   Removed  \Patches
   Removed  \Usage
   Removed  \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching per-machine global config location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching old global config location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching per-machine location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Classes\Installer\UpgradeCodes...
   Removed upgrade code '502B5B8795F269D4D938ED9BC45D22B9' at HKLM\Software\Classes\Installer\UpgradeCodes
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Classes\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Classes\Installer\Components for published component data for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching HKLM\Software\Classes\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
   Removed  \Media
   Removed  \Net
   Removed  \SourceList
   Removed  \Software\Classes\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9
  Searching HKLM\Software\Classes\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
   Removed  \Software\Classes\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9
Searching for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} in per-user managed location. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching for shared DLL counts for components tied to the product 502B5B8795F269D4D938ED9BC45D22B9. . .
   HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 502B5B8795F269D4D938ED9BC45D22B9. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 client info data. . .
   Removed client of component 004BA2842EE51E11991CE42B744210B9
   Removed client of component 024A2C06F4037B5469D01061A629DE3E
   Removed client of component 0266EE014F7854E4B9A4FDB8C2F3BA50
   Removed client of component 02779ED320979FC479FC012744CB1258
   Removed client of component 031FE99CB099F8148A5D216A810AB9E3
   Removed client of component 04E6BB0BB9774D64E96A23AD8BAE9F97
   Removed client of component 071852886F336C04D9F27D86B125D5D3
   Removed client of component 090DB5AF454881046A3FAB34F3250CAA
   Removed client of component 09C9F3EB68BA59D408BB908D120CA6B4
   Removed client of component 0D1EC642F75C1AD47A06AEEF68512C02
   Removed client of component 0D373E167E0667E46AF1F6EF69524FD7
   Removed client of component 0E52E8BEC2365E446AB1C55ABCF57CD1
   Removed client of component 0EEC6FC5249771D4AAF0999562BDD1EF
   Removed client of component 0FD981C0A54E4034C8E88F31EC55F78B
   Removed client of component 1485EFA0FDA5DA543A7FB8B465A1111A
   Removed client of component 14FCACA4CBB8095408ECC30051C33E89
   Removed client of component 15AADF8D828811C4C98BB094F5A7D7A7
   Removed client of component 1624B282DBF30334DA85266EAB1789AD
   Removed client of component 1638ADF2F94867A43B42D06774363138
   Removed client of component 16DFAAA812D65BB489FFE966C7541F73
   Removed client of component 176245506D4DB88428E2470B6745EF02
   Removed client of component 17DB6818BF09AF041A9EE8E9ACC52524
   Removed client of component 187E439F387A6E1418EC10358987AD11
   Removed client of component 1AC1C449A5E8955488ACC1C1F978846F
   Removed client of component 1ACF437A73AD5104C8540B8CD4B88F57
   Removed client of component 1AD7EDF88FCA2BC4393E59E092735C05
   Removed client of component 1BAA7656589754A4EA26140AD201E145
   Removed client of component 1C7707B05ECF4AB47A2EC783675658E8
   Removed client of component 1D9C55D4EFEC3034086FA158C75D42F8
   Removed client of component 1DE42809D3B4BA0459988C86B8E3FE1A
   Removed client of component 1E0A3878AF8A33145B90985169233A44
   Removed client of component 1FF872E0B318CA948B77334159550AFF
   Removed client of component 20EC591AF8629EB4EBD29D9D6562B0F0
   Removed client of component 223C62B317501E114BF84F30944210B9
   Removed client of component 236C41EAD4679624BAF40BB2877AF87D
   Removed client of component 2380D032D3F12E11CA4D1952168807B9
   Removed client of component 23EE791230418EB4495CBB8445045CC0
   Removed client of component 260F596AD4E072441AE2BE009F0C1A71
   Removed client of component 266D23526712D844195945F87E003BE7
   Removed client of component 276505FBA1B8E514DB3FCC3D189DD32B
   Removed client of component 293818265467F2847AFA6A71C5906433
   Removed client of component 2CC2C34655B8A284DBF11AB68E20FE30
   Removed client of component 2D56CCBB52263F141A29BD9F3755DA87
   Removed client of component 2E66FB7E9FC01D844993D2ED31ED6D7A
   Removed client of component 2E9536181AB0940438AABAFC58C1D100
   Removed client of component 2E9F267585DB5F04DA714E80AFE8E8DF
   Removed client of component 2E9FD8D85E69D474CB1B8346FFEFA7C5
   Removed client of component 2F3D29A40383F7D41AEDCFADF0B0FFCE
   Removed client of component 307E833B649BD0743916A5535FF37A34
   Removed client of component 3240AB084A976934B97146D3F5FCD7BC
   Removed client of component 32A817E2F1651374BAC8C15425297DF5
   Removed client of component 330B2A6034A2753469CE627A479D805D
   Removed client of component 3406C5144D58F734FA8E9E47EA021FE1
   Removed client of component 34CD9B6FD1B1F6546A6E84E21FDD88A8
   Removed client of component 3533E38C46481694F9AD7AD3C0BD6B48
   Removed client of component 353B0A07A15832F4A95A783AE5B93C2E
   Removed client of component 370A213F1329B524FBBA682E540EB495
   Removed client of component 374613F9366EC0247A218D00D8298E65
   Removed client of component 37C27E8C69F4C1948A610EE0B939B5B3
   Removed client of component 3959B8602E6DF864181841B4EDBFED5A
   Removed client of component 3B163857B9CD1214084D938ED1F16B9A
   Removed client of component 3C96F120532A2B449A030744300B3FD6
   Removed client of component 3CB02B6278751354F956F621861EA90D
   Removed client of component 3DC4A345873EEA749B76A6723A8666D1
   Removed client of component 405F48AFE11343643A82EE5D5A9F3DCA
   Removed client of component 421C936DB40364544A70696FCCA6AF0A
   Removed client of component 426C3BC9F98D922488957D8C0B63A550
   Removed client of component 42880575DF40D6342B4D6C02576F4287
   Removed client of component 4329F975CD1598B47AFCAA56B79E621A
   Removed client of component 44426B5A08C6B9B4092CD8AF144FC0DD
   Removed client of component 44C8EBBDEEDB0474AABE6C9F26F3A28B
   Removed client of component 4797D116AD164E64B97B92B8EC26034F
   Removed client of component 47B155206F3620047B1E6410C8A4FE61
   Removed client of component 4A134463767DE6640A984CA17D646EF0
   Removed client of component 4B304B90CD2146B4C9FD9026BF8CFA23
   Removed client of component 4BAACB10A09BCC84891E4C84E7EB5E48
   Removed client of component 4E35579992E11ED4BA01DD43C16639D9
   Removed client of component 4EA83BEA03C46EB4EB453D0526FEEE39
   Removed client of component 4FB22DA5CCF35D14BBC71D173C9CB765
   Removed client of component 5230CF6C88702A74697B5010E0CD083D
   Removed client of component 524958AEE1044504BA73E0667DFAB0C3
   Removed client of component 52F845D9E532ECE4192A247189536F56
   Removed client of component 53B4A66124B980B498319882BB90EEB1
   Removed client of component 540B22EDBCA92E54F880C41BDB4C853E
   Removed client of component 541FFB52AFDF086439FFB62DD9F6C41B
   Removed client of component 54486E81CEF9C9249B6182AFA9E761EE
   Removed client of component 548E173E88ACE854D868E041E202EF61
   Removed client of component 550D8EF204542CF47A1444F7F82C896C
   Removed client of component 5792BC794ECF1B3479A5258969783201
   Removed client of component 58F449E200182B44E901263231A91FAF
   Removed client of component 59006A3245C5F5547A02CCEBCCE81436
   Removed client of component 5A652E453F9D70A4BB9FB8A1BDF19B4C
   Removed client of component 5B04C2B8702BA7F48AD71A8EE52DC2F6
   Removed client of component 5B6A964D410573C4F92C68901FB8018B
   Removed client of component 5CBA4147CA5549849BF0447FCDAA30CA
   Removed client of component 5D83C2AEE8E852343B16D72AE68AEEC1
   Removed client of component 5D922E3860562BB4EADF825A750040C7
   Removed client of component 5E9982C3B71E861409E4FB490133F81C
   Removed client of component 5F2D632253A696049BA1D3CDE8F2B4DF
   Removed client of component 5F311204B28B2F644B6AE1948A581BE8
   Removed client of component 5F435F406E4D7AC4483BCB2C27085C74
   Removed client of component 5F9D99CFF939C0740A848609A883E574
   Removed client of component 60B1A327B11B8CE46AA6C7891E58ACC4
   Removed client of component 612FEBE317501E1129365F30944210B9
   Removed client of component 616406B47D4BF4A4C905ED7C22E410E1
   Removed client of component 624BB461518C0F94CB88FFBA9572EEC0
   Removed client of component 62B20E36CD5633640A9256434280A773
   Removed client of component 62F58F25DC7A6B3419D1A05F034D32AC
   Removed client of component 638DB6B540BC8F84DB72F105C4992827
   Removed client of component 6544A5B5B808857448A33171E900FA44
   Removed client of component 654FD6FD7F74FF047BBF46A837C689F5
   Removed client of component 66E9B6B608016DE428ADD815FAA24AD8
   Removed client of component 67890C0C3094FA54B8C1451F1C740CA6
   Removed client of component 68C1374E77C05D64AB27CA3E441911D3
   Removed client of component 6929D5527BE305B42BB345182C4FF4EA
   Removed client of component 6957C643E0BC09D429F3E853F52FFDEB
   Removed client of component 69A6F144A153F364499AD9E627047D55
   Removed client of component 6A93A02ADE963AB4EA3963505708CD0D
   Removed client of component 6B241C5526A0EA2458DB978C9DC24390
   Removed client of component 6BA6F96819F8470439D8D52879235EA1
   Removed client of component 6D20836E08179D94086B1387D1A68F56
   Removed client of component 6D23024F1FA8A8B4F8F91668912CD6D2
   Removed client of component 6F8C2315F714870419182AD8676D2EA7
   Removed client of component 6FD30319577CE654BBE9992AEDEA688C
   Removed client of component 6FE65FA6E8D67FB4A9BE50BFE4767661
   Removed client of component 7140BF1F277420E4CB8E47C7AD791ABE
   Removed client of component 72B8FF73F34537B4988DEA16C9BD6D3B
   Removed client of component 7392EE5DFB7860548A0FFBF35FBE4DC0
   Removed client of component 74793F5C31180F246BACF5EE783A2FCB
   Removed client of component 75793E17390BD1245980D06AC3599512
   Removed client of component 75B091CD3AB73274F9CB0E1C2F74213B
   Removed client of component 76106AA5839F4A74ABB589F4E1A0EFCC
   Removed client of component 761E145FED9F32E47B8DE9FB635CD504
   Removed client of component 77CC52C38D35E7A4D90E23354055E8D9
   Removed client of component 783CCEC417051744E91127462C74B3F3
   Removed client of component 7A66AF006B722B949B9B90C23A420FBD
   Removed client of component 7AD1B4E768434334C94EEAEFC41390BD
   Removed client of component 7AE8A4C6FA6F1144EB0A7F8EDC02E54C
   Removed client of component 7CAFB9DEF42D3BF40865C42E1949C7D4
   Removed client of component 7DF7034BC9D11E94289846428E750F8B
   Removed client of component 7F1E92CBE93129C4E939DA141938C6A5
   Removed client of component 8057130EE1D2DC047AF9D75AC8857515
   Removed client of component 810A56A4F9CBCFB4F8AD78FD6C3EF5C0
   Removed client of component 814D90D4529D418439DBBDFC08999A0D
   Removed client of component 820C6994EF89A6144A7BB1F7C4802946
   Removed client of component 83221A91DC2E0E0479973F5AE224F65F
   Removed client of component 85D7633A74E4F6C4DB8EDF24DAF0E421
   Removed client of component 85EC1D8B7BE494A4A9DE14D2271176C6
   Removed client of component 86C534F60C645D642ACC2C336F25078A
   Removed client of component 871459B9140A9B345A5F456AC0F931BA
   Removed client of component 8819000555EFF194B928FFD2A78768E1
   Removed client of component 8824282D3FC2C274C9BA0270BF992B9C
   Removed client of component 88A4EA5FCB885E84FA2AECD623170EEF
   Removed client of component 8AA4E8DBF5E7DFB43A46583A297D41F7
   Removed client of component 8AF3156138D7AEC42948D77A97852CEB
   Removed client of component 8B4D9423A4CE8E143898292C762029DD
   Removed client of component 8B5BC1C170CABFA4D85081BEEA06E6A9
   Removed client of component 8CE8DCFF20248134C9D87A4954C805B5
   Removed client of component 8D48B5216C727864295DCE651C0BEF25
   Removed client of component 8D6EDFD4E143F0F45B13135E4375851F
   Removed client of component 8DCB21A5AE1C45F4BA2E51E0CC4FA74A
   Removed client of component 8E05D2A78039D804EBD1DDF7D78FA823
   Removed client of component 8E7231D83B83D014188EC28230A34E6D
   Removed client of component 8E9D8466D224DB442A675EDD1C4C04FE
   Removed client of component 912B60361BF365345A5A75A97CBD68C2
   Removed client of component 9187552EC31792B4BB422EF8BF6C0D56
   Removed client of component 925E5DE4A48E048468E3B36AC92CF03C
   Removed client of component 92C1B2FD7751A3D4E96EBDBDA2FF0411
   Removed client of component 94020A7D90434424683E81F6E8CD7A90
   Removed client of component 942FEEF930A458B4E9A29AF2E14F34CF
   Removed client of component 95C0ABE3017B589439B346828547A846
   Removed client of component 961294F76542D2D428C51933F45EFD0A
   Removed client of component 961B38B889506AD4F9648D941D744112
   Removed client of component 964A33E77500CC34B8D3F5DEAD6212A6
   Removed client of component 96661C78FB1AEA04DA94578412A77B68
   Removed client of component 966747C63A185544CB4635E6A8DBF52D
   Removed client of component 969243EBD83FF364A8883F81AB8CA254
   Removed client of component 97236EC5786F2F142AFE0B5F986921BD
   Removed client of component 98285F53A1E64C4449886F5FD305C332
   Removed client of component 9840836109223A545BAF74134B243959
   Removed client of component 995C3CFF87EBF7B44B1E42E436FD7BB0
   Removed client of component 9AD6DADB72E53C24B99EE1B19DB5379E
   Removed client of component 9BF344C1FD8A25540863DE26CEF37F2B
   Removed client of component 9C3168C1B4FE5D0489043389DAEB7397
   Removed client of component 9C4D2E1408A627C43AB0A2CE740AEBAD
   Removed client of component 9D98121186CAF5447BE27C0A27AC9E60
   Removed client of component 9E5E6DEF57B80F84F9612551F22ACDBB
   Removed client of component 9EEBE80FD5D2E524E969B6DF9C7CB102
   Removed client of component 9FDF5191380E0DC4B98ABE36FD32181E
   Removed client of component A078698317501E11C8873F30944210B9
   Removed client of component A0B2411D0874F9149A8409C31EAAB8A3
   Removed client of component A106F9F9AB804B0409D145456A02925C
   Removed client of component A2CA822C9E4DF1B41B73460D0DA680A5
   Removed client of component A3B1BCF667836AA41B6B709217964635
   Removed client of component A4461EE168F5967428E8B15B629125D6
   Removed client of component A494CB46DCF942741B360E247A1C2AA1
   Removed client of component A5E1354417501E11083CCF30944210B9
   Removed client of component A73F5A4BF80CF2E4CB1F213802A925FC
   Removed client of component A754AE0AE1C52EC498470B0914896271
   Removed client of component A9112D523D8DDC0439DCDE350D7E1370
   Removed client of component A97E06C984999534599A9B70084D8324
   Removed client of component AAA83E74530BA0345A8CD4D56D0DC4E4
   Removed client of component AAD15E2BE59CDE84CA82DE3A7FB026C5
   Removed client of component AAF2AFAFB05F0F14DB278B12FD351BBF
   Removed client of component AC2DC8AF21B42D94CA77C97ADF3BBC6E
   Removed client of component AD417EF87CF72F945B3D21FBC2CCCAF0
   Removed client of component AD4F80B225907A0478A2D2E4CEC70BDA
   Removed client of component ADB328ECDAF3BB74E8CC1A1DA472872F
   Removed client of component AE6E333C4A0D5164CB2E7F45F4827EC9
   Removed client of component B0274004B5D43D243B701699F6E9A787
   Removed client of component B070C10077BE20F49A1E88557B4BCD0F
   Removed client of component B07CCD3C70D6B324AB6BCE270ACDA854
   Removed client of component B25690A289A0AA743B7ECE90AC96AB70
   Removed client of component B4945B45413C9FF418407ED706572D0E
   Removed client of component B6D0804A314D9794CB2DC1CA9447CC87
   Removed client of component B76CECF999422694F9F4EE0C2C5C38C9
   Removed client of component B7E451787FEE2FC4F99168312F2613B2
   Removed client of component B8B2E0D814F016C41951015B21962B15
   Removed client of component B9E83316EA4389E4BBA5E1D58B7DEE26
   Removed client of component B9F1F6ACF97F22445B05823FABA668C6
   Removed client of component B9F995C22DB895E46A259E9A0561EF65
   Removed client of component BB0020FCEEC72EE4C82635CB4AEEFDAB
   Removed client of component BBCD1B86FE21A5D40BFBD899EE96E126
   Removed client of component BF268E0F70ABDC543B64B0ADC65F6D71
   Removed client of component C007AAE4D6237274AA6C4F7699B5EEDA
   Removed client of component C02281E1EF91CBD44A237EA0FD6829DA
   Removed client of component C04EC70BD8AF6D343B675527297CC619
   Removed client of component C312C9549DDD4C045A370972141E8F2E
   Removed client of component C4945E06CBA4EBB42AEE44ED26A50B3D
   Removed client of component C51D811F22AA85B4DAF586FD10E5C7DF
   Removed client of component C59FFA1A8F856B846AEA06D918C5247F
   Removed client of component C642234E6EA42694BAA49029C27B6498
   Removed client of component C69980ADDBD829049A476C8ADE119E98
   Removed client of component C721BF2089B8B5E4AA82250FADF15234
   Removed client of component C74A3A2317501E114BFE2F30944210B9
   Removed client of component C7F76F2EEE9749E49ADF0E42C3780539
   Removed client of component C886527D8FC6F67409CC1785EAD83508
   Removed client of component C88AC4271F878D24DA88B8C2962CBE3F
   Removed client of component C9B4EF11DA2EA2D4C810FBE6662BF1A4
   Removed client of component CA9FDCB417501E114837FF30944210B9
   Removed client of component CAD92E502AD9C3D49B5AB379706712BC
   Removed client of component CB702553DB4AEC942B0481AF74D858DC
   Removed client of component CEB8F255FDFC43D4086F8D6CC2D7830E
   Removed client of component CEBE700D953534743B4EC0A41799F407
   Removed client of component CF23F0DE4E67AAA46BE290C1D6BCB2EE
   Removed client of component D052A04AA32C101488F9BAF100718BD1
   Removed client of component D1834842290A37643A14CB78844AFBF3
   Removed client of component D23086DA683A82A4BBF0B2EE131077C9
   Removed client of component D2C532F314BD0AB4991A62273A526DC1
   Removed client of component D78F64769AB6A8045B0DABF06D587428
   Removed client of component D8199D216DF32354AA1B0095158637AB
   Removed client of component D8649C890E767884C8AB145DF728B2A9
   Removed client of component DA946DB7FCD51EC41B9BE7C42CD484C5
   Removed client of component DB32717495A26B947ACF11E37E5A7897
   Removed client of component DC13049ABFE793F41A00D4EE8D45201E
   Removed client of component DE5C8B6756FCC2C41B247DE2E43B294B
   Removed client of component DE6515E7940D0F345A59EFCDD5A902A0
   Removed client of component E3958B5CC9C8AC0409E9268C92EA3EE8
   Removed client of component E55C899417501E11ABA6EF30944210B9
   Removed client of component E56E34AF828DBB842A614EDC23CB832F
   Removed client of component E9DDBE890CAD61B4A857806173F7008D
   Removed client of component EA719334FEE375B42A40127F1CBDBD8D
   Removed client of component EAA4924ABFDB9B64895C9F6F80710E31
   Removed client of component EB06BD404D6EB77448B48C83D896EEAE
   Removed client of component ECE0F38817DBD0B4DA452B9D22D9B8CB
   Removed client of component EDD60B04B17BAC84C8E6B7ECD43134CF
   Removed client of component EF6EBB5A483B7864995330C41B4C186A
   Removed client of component EFAA17640D5C32040BD60C8459F6B976
   Removed client of component F0839BF88786D904D842E3A12C0E09FD
   Removed client of component F0B37368858122745BF13801FD7B611E
   Removed client of component F1D58F8ED3EF8D745952788E5502E49A
   Removed client of component F23211A50A7D05C419A71F174EAFB381
   Removed client of component F2DBABA7B2EDF864AAB17F1EBFFEA8DA
   Removed client of component F325D7BB7989D8F4D876651E5811E2A6
   Removed client of component F37254A0CBD8F9541B80E791020606D1
   Removed client of component F4D782571CE12024B84AA31D22136EF5
   Removed client of component F51AF4ADB0547454CB4949C8C335876B
   Removed client of component F57C8C66B6368A24D964E7CEA0FB76B8
   Removed client of component F5B5A5037B19F1547A2CA4DBE7807A32
   Removed client of component F630609201243F74387E1C6E15247B8A
   Removed client of component F88CAF2FAFCC5C942BA5CF677A776A14
   Removed client of component FA803F8E5B429B349A444DBFCAEDBE4B
   Removed client of component FAB9DCF931C3F164DBC573B06C1F16C1
   Removed client of component FB7B93F636C3C3348963342CD4E0762A
   Removed client of component FEE4EBBD3F1EBC4488E444E5AFBC41DA
   Removed client of component FF36B9353EFFC884EB4D904BB4D28506
   Removed client of component FFA682240B83CC6438EE4F06251A4357
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 client info data. . .
Searching for Installer files and folders associated with the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching for files and folders in the user's profile. . .
  Searching for files and folders in the %WINDIR%\Installer folder

***** Zapping data for user S-1-5-18 for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} cached package. . .
Searching for install property data for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
Searching user's global config location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching per-machine global config location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching old global config location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching per-machine location for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Classes\Installer\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Classes\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Classes\Installer\Components for published component data for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching HKLM\Software\Classes\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Classes\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching for product {78B5B205-2F59-4D96-9D83-DEB94CD5229B} in per-user managed location. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
  Searching for patches for product 502B5B8795F269D4D938ED9BC45D22B9 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\502B5B8795F269D4D938ED9BC45D22B9 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\502B5B8795F269D4D938ED9BC45D22B9 for product feature data. . .
Searching for shared DLL counts for components tied to the product 502B5B8795F269D4D938ED9BC45D22B9. . .
   HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 502B5B8795F269D4D938ED9BC45D22B9. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 client info data. . .
  Searching for product 502B5B8795F269D4D938ED9BC45D22B9 client info data. . .
Searching for Installer files and folders associated with the product {78B5B205-2F59-4D96-9D83-DEB94CD5229B}. . .
  Searching for files and folders in the user's profile. . .
  Searching for files and folders in the %WINDIR%\Installer folder
"Running zap for product code {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}:Fri 09/05/2014 11:28:37.42"

C:\Users\Eve\Desktop>C:\Users\Eve\AppData\Local\Temp\avg-c1d58107-e9e5-480b-8575-180dc5ae1c67.exe TW! {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} /nologo

***** Zapping data for user S-1-5-18 for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} cached package. . .
   Removed file: C:\Windows\Installer\7c7a418f.msi
Searching for install property data for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
   Removed  \4BD28B7510A8B7F489C7A964EC4C03A3\InstallProperties
Searching for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
   Removed  \{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}
Searching user's global config location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
   Removed upgrade code '4BD28B7510A8B7F489C7A964EC4C03A3' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
   Removed  \Features
   Removed  \Patches
   Removed  \Usage
   Removed  \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching per-machine global config location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching old global config location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching per-machine location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Classes\Installer\UpgradeCodes...
   Removed upgrade code '4BD28B7510A8B7F489C7A964EC4C03A3' at HKLM\Software\Classes\Installer\UpgradeCodes
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Classes\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Classes\Installer\Components for published component data for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching HKLM\Software\Classes\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
   Removed  \Media
   Removed  \Net
   Removed  \SourceList
   Removed  \Software\Classes\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3
  Searching HKLM\Software\Classes\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
   Removed  \Software\Classes\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3
Searching for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} in per-user managed location. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching for shared DLL counts for components tied to the product 4BD28B7510A8B7F489C7A964EC4C03A3. . .
   HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 4BD28B7510A8B7F489C7A964EC4C03A3. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 client info data. . .
   Removed client of component 6DD59CAB607A33D4EB07CA228BB8F96A
   Removed client of component 6E95EF49043E05641BFF662F82B7EC70
   Removed client of component AC395BE4B2B8635489A419917C137F01
   Removed client of component B0F74307246A20C44BBFC1CF15551D8B
   Removed client of component D148D943B7518814D960DE57FA86DDAA
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 client info data. . .
Searching for Installer files and folders associated with the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching for files and folders in the user's profile. . .
  Searching for files and folders in the %WINDIR%\Installer folder

***** Zapping data for user S-1-5-18 for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} cached package. . .
Searching for install property data for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
Searching user's global config location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching per-machine global config location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching old global config location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching per-machine location for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Classes\Installer\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Classes\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Classes\Installer\Components for published component data for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching HKLM\Software\Classes\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Classes\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching for product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A} in per-user managed location. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
  Searching for patches for product 4BD28B7510A8B7F489C7A964EC4C03A3 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3\Patches
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\4BD28B7510A8B7F489C7A964EC4C03A3 for product data. . .
  Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\4BD28B7510A8B7F489C7A964EC4C03A3 for product feature data. . .
Searching for shared DLL counts for components tied to the product 4BD28B7510A8B7F489C7A964EC4C03A3. . .
   HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 4BD28B7510A8B7F489C7A964EC4C03A3. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 client info data. . .
  Searching for product 4BD28B7510A8B7F489C7A964EC4C03A3 client info data. . .
Searching for Installer files and folders associated with the product {57B82DB4-8A01-4F7B-987C-9A46CEC4303A}. . .
  Searching for files and folders in the user's profile. . .
  Searching for files and folders in the %WINDIR%\Installer folder

[BrianDrab]

Good job. Please do the following. Note: You may want to temporarily disable AVG 2014 until these steps are complete so there is no conflict. You should be able to right-click on the icon in your system tray and choose Temporarily disable AVG protection. Pick what you think is appropriate (i.e. 15 minutes, Until Reboot, etc.).

 

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

Amazon Browser App

Optimizer Pro v3.2

Shared C Run-time for x64

Start Menu 8 <--- (Optional however the vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole. A good alternative is from classicshell.net.

 

Step#2 - Adware Scan
 
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   1.81KB   117 downloads

    Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#4 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer if prompted.

2. Please ensure you check the Addition.txt check box within the Optional Scan section.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from.
5. Please copy and paste log back here.
6. It will also generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your next post

1. AdwCleaner log

2. FRST fix log

3. New FRST and Addition logs

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.