Trojan:Win32 New Topic [Solved]


  • This topic is locked

#1
scewter

    Member

  • 96 posts

Standing by


  • 0


#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thanks for the logs, I know it has been a mission for you :)

Poweliks has been removed by the tool so we can proceed with the cleanup.

Step 1


FRST Fix

If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

Congratulations, you have done really well and all is looking good with your machine.

I would like you to perform the following steps to make sure your computer is really clean:


Step 2

Run Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean)
  • If threats are detected, click the Apply Actions button.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Step 3

ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner
    Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use Firefox) for this scan.
    Important: Please disable your existing AV software for the duration of the scan. If you need instructions on how to disable it, please check out this site: http://www.bleepingc...lware-programs/
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
      • Make sure that the option Remove found threats is NOT checked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:

  • FRST Fixlog
  • MBAM Log
  • ESET log

  • 0

#3
scewter

    Member

  • Topic Starter
  • 96 posts

OK - all complete.

Here're the results (attached)

Attached Files


Edited by scewter, 10 January 2015 - 05:33 PM.

  • 0

#4
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Looking good from here - just a few items to remove.
How is your computer running right now?
The ESET list was very long, but it is including the items that are in FRST quarantine from our removal. Only actually a few items it detected elsewhere.
We will deal with them manually. Then take a fresh look to make sure it's all good.

First...
FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Then...

Supplemental FRST Scan
Please run FRST/FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.


  • Right click the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Then...

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Items I need to see in your next post:


  • FRST Fixlog
  • Fresh FRST Log
  • Security Check log
  • How are things running?

  • 0
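
Added example, not part of the original thread and not FRST's own code: a small Python triage of a pasted Fixlog that checks every fixlist entry against its result line, which is the review the helper does when the log comes back. The sample log is constructed in the layout of the Fixlog posted in this thread, and treating C:\Users\All Users as another name for C:\ProgramData assumes the default Vista-or-later folder layout.

```python
import re

# Constructed sample: same layout as the Fixlog pasted in this thread, shortened,
# with the result line for the last fixlist entry deliberately left out.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-01-2015
Ran by Scott at 2015-01-11 10:14:01 Run:2

Content of fixlist:
*****************
start
C:\ProgramData\Skype\Plugins\Local Cache\INSTALL_TOR.URL
C:\Users\All Users\Skype\Plugins\Local Cache\INSTALL_TOR.URL
C:\Users\Scott\Downloads\CCleaner_Setup [1].exe
C:\Windows\System32\roboot.exe
C:\Users\Scott\Excel\INSTALL_TOR.URL
end
*****************

C:\ProgramData\Skype\Plugins\Local Cache\INSTALL_TOR.URL => Moved successfully.
"C:\Users\All Users\Skype\Plugins\Local Cache\INSTALL_TOR.URL" => File/Directory not found.
C:\Users\Scott\Downloads\CCleaner_Setup [1].exe => Moved successfully.
C:\Windows\System32\roboot.exe => Moved successfully.

==== End of Fixlog 10:14:02 ====
'''

# "path => outcome." lines; the not-found lines in this thread quote the path.
RESULT_RE = re.compile(r'^"?(?P<path>.+?)"?\s+=>\s+(?P<status>.+?)\.?\s*$')

# Assumption: default Vista-or-later layout, where C:\Users\All Users is a
# link to C:\ProgramData, so both spellings name the same file.
ALIASES = [("c:\\users\\all users\\", "c:\\programdata\\")]


def canonical(path):
    """Lower-case a path and rewrite known alias prefixes to their target."""
    p = path.lower()
    for alias, target in ALIASES:
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def parse_fixlog(text):
    """Return (requested paths from the fixlist block, {path: outcome})."""
    requested, results, in_list = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            in_list = True
        elif line.lower() == "end":
            in_list = False
        elif in_list:
            if line:
                requested.append(line)
        else:
            m = RESULT_RE.match(line)
            if m:
                results[m.group("path").lower()] = m.group("status")
    return requested, results


def triage(text):
    """Map every requested path to a verdict; upper-case verdicts need a human."""
    requested, results = parse_fixlog(text)
    moved = {canonical(p) for p, s in results.items()
             if s.lower().startswith("moved")}
    report = {}
    for path in requested:
        status = results.get(path.lower())
        if status is None:
            verdict = "NO RESULT LINE"
        elif status.lower().startswith("moved"):
            verdict = "moved"
        elif "not found" in status.lower():
            # A miss is harmless if the same file was moved under its other name.
            same_file = canonical(path)
            if same_file != path.lower() and same_file in moved:
                verdict = "alias of moved path"
            else:
                verdict = "NOT FOUND"
        else:
            verdict = "CHECK: " + status
        report[path] = verdict
    return report


def needs_follow_up(text):
    """Paths whose verdict is not 'moved' or a harmless alias miss."""
    return [p for p, v in triage(text).items()
            if v not in ("moved", "alias of moved path")]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_FIXLOG).items():
        print(f"{verdict:<20} {path}")
```
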

#5
scewter

    Member

  • Topic Starter
  • 96 posts

All done.

All three scans completed and results will be pasted here.

System seems to be running OK. The number of processes (found in Task Manager) is down almost to the level it was prior to the infection.

When I ran the second scan (FRST scan) I did not check the three boxes you had me select before - Drivers MD5, Shortcut.txt, and Addition.txt. I don't know if they needed to be checked or not, but I thought I would bring that up in this response.

FRST Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-01-2015
Ran by Scott at 2015-01-11 10:14:01 Run:2
Running from C:\Users\Scott\Desktop
Loaded Profile: Scott (Available profiles: Scott)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\ProgramData\Skype\Plugins\Local Cache\INSTALL_TOR.URL
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\INSTALL_TOR.URL
C:\Users\All Users\Skype\Plugins\Local Cache\INSTALL_TOR.URL
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\INSTALL_TOR.URL
C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\AssetCache\INSTALL_TOR.URL
C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\AssetCache\U3ZLWRW2\INSTALL_TOR.URL
C:\Users\Scott\AppData\Roaming\Microsoft\Templates\INSTALL_TOR.URL
C:\Users\Scott\AppData\Roaming\Skype\scodon\media_messaging\media_cache\INSTALL_TOR.URL
C:\Users\Scott\AppData\Roaming\Skype\scodon\media_messaging\media_cache\asyncdb\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\assessmentEngine\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\menuImage\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\superTextImage\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\superTextImageHelpers\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\imageWidget\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\imageWidget\assets\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\imageZoomWidget\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\videoWidget\INSTALL_TOR.URL
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\deltaUI\INSTALL_TOR.URL
C:\Users\Scott\Desktop\ccsetup418.exe
C:\Users\Scott\Downloads\CCleaner_Setup [1].exe
C:\Users\Scott\Downloads\CCleaner_Setup.exe
C:\Users\Scott\Downloads\ccsetup501.exe
C:\Users\Scott\Downloads\siw-setup.exe
C:\Users\Scott\Excel\INSTALL_TOR.URL
C:\Users\Scott\House Building Project\ACC\INSTALL_TOR.URL
C:\Windows\System32\roboot.exe
end
*****************

C:\ProgramData\Skype\Plugins\Local Cache\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\INSTALL_TOR.URL => Moved successfully.
"C:\Users\All Users\Skype\Plugins\Local Cache\INSTALL_TOR.URL" => File/Directory not found.
"C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\INSTALL_TOR.URL" => File/Directory not found.
C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\AssetCache\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\AppData\Roaming\Adobe\Flash Player\AssetCache\U3ZLWRW2\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\AppData\Roaming\Microsoft\Templates\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\AppData\Roaming\Skype\scodon\media_messaging\media_cache\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\AppData\Roaming\Skype\scodon\media_messaging\media_cache\asyncdb\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\assessmentEngine\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\menuImage\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\superTextImage\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseTemplates\as3\superTextImageHelpers\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\imageWidget\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\imageWidget\assets\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\imageZoomWidget\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\baseWidgets\videoWidget\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\DAL\Worldwide Operations Training\courses\assets\templates\deltaUI\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\Desktop\ccsetup418.exe => Moved successfully.
C:\Users\Scott\Downloads\CCleaner_Setup [1].exe => Moved successfully.
C:\Users\Scott\Downloads\CCleaner_Setup.exe => Moved successfully.
C:\Users\Scott\Downloads\ccsetup501.exe => Moved successfully.
C:\Users\Scott\Downloads\siw-setup.exe => Moved successfully.
C:\Users\Scott\Excel\INSTALL_TOR.URL => Moved successfully.
C:\Users\Scott\House Building Project\ACC\INSTALL_TOR.URL => Moved successfully.
C:\Windows\System32\roboot.exe => Moved successfully.

==== End of Fixlog 10:14:02 ====

Fresh FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by Scott (administrator) on SCOTTS-PC on 11-01-2015 10:14:40
Running from C:\Users\Scott\Desktop
Loaded Profile: Scott (Available profiles: Scott)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2008-03-04] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-10-27] (Dell Inc.)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-03-29] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-557573325-724235706-1658740018-1000\...\RunOnce: [Adobe Speed Launcher] => 1420987681
HKU\S-1-5-21-557573325-724235706-1658740018-1000\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-557573325-724235706-1658740018-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4081218
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...&q={SEARCHTERMS}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-557573325-724235706-1658740018-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingb...SlingPlayer.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\1w7jlq6f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\1w7jlq6f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-08-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-23]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome In-App Payments service) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-05-21] (Macrovision Europe Ltd.) [File not signed]
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-10-27] (Dell Inc.) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-10-27] (Broadcom Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 10:10 - 2015-01-11 10:10 - 00852504 _____ () C:\Users\Scott\Desktop\SecurityCheck.exe
2015-01-10 16:51 - 2015-01-10 16:51 - 00000000 ____D () C:\Program Files\ESET
2015-01-10 11:27 - 2015-01-10 11:27 - 00205249 _____ () C:\Users\Scott\Desktop\Shortcut.txt
2015-01-10 11:25 - 2015-01-10 11:27 - 00020100 _____ () C:\Users\Scott\Desktop\Addition.txt
2015-01-10 11:24 - 2015-01-11 10:14 - 00013738 _____ () C:\Users\Scott\Desktop\FRST.txt
2015-01-10 11:16 - 2015-01-11 10:14 - 00000000 ____D () C:\FRST
2015-01-10 11:10 - 2015-01-10 11:12 - 01508816 _____ () C:\Users\Scott\Desktop\ESETPoweliksCleaner.exe_20150110.111033.5088.log
2015-01-10 11:07 - 2015-01-10 11:07 - 01115648 _____ (Farbar) C:\Users\Scott\Desktop\FRST.exe
2015-01-10 11:00 - 2015-01-10 11:00 - 00186568 _____ (ESET) C:\Users\Scott\Desktop\ESETPoweliksCleaner.exe
2015-01-09 19:30 - 2015-01-09 19:30 - 01295360 _____ () C:\Users\Scott\Desktop\zoek.exe
2015-01-09 19:14 - 2015-01-09 19:14 - 00001469 _____ () C:\Users\Scott\Desktop\JRT.txt
2015-01-09 19:12 - 2015-01-09 19:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 19:06 - 2015-01-09 19:06 - 00000034 _____ () C:\Windows\setupact.log
2015-01-09 19:06 - 2015-01-09 19:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-09 18:49 - 2015-01-09 19:30 - 00000002 _____ () C:\runcheck.txt
2015-01-09 18:49 - 2015-01-09 18:49 - 00000000 ____D () C:\zoek_backup
2015-01-09 18:36 - 2015-01-09 18:36 - 00000000 ____D () C:\_OTL
2015-01-09 18:26 - 2015-01-09 18:26 - 01707939 _____ (Thisisu) C:\Users\Scott\Desktop\JRT.exe
2015-01-09 12:26 - 2015-01-09 12:26 - 00050382 _____ () C:\Users\Scott\Desktop\Extras.Txt
2015-01-09 12:25 - 2015-01-09 12:25 - 00060230 _____ () C:\Users\Scott\Desktop\OTL.Txt
2015-01-09 12:16 - 2015-01-09 12:16 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Desktop\OTL.exe
2015-01-04 14:23 - 2015-01-10 10:20 - 00003736 _____ () C:\Windows\PFRO.log
2015-01-04 11:42 - 2015-01-04 11:42 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\ProductData
2015-01-04 10:33 - 2015-01-09 18:33 - 00000000 ____D () C:\Program Files\IObit
2015-01-04 10:33 - 2015-01-04 10:33 - 00000000 ____D () C:\Users\Scott\AppData\IObit
2015-01-04 10:33 - 2015-01-04 10:33 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-04 10:33 - 2015-01-04 10:33 - 00000000 ____D () C:\ProgramData\IObit
2015-01-04 10:32 - 2015-01-04 10:33 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\IObit
2014-12-28 13:28 - 2014-12-28 13:28 - 02151788 _____ () C:\Users\Scott\Downloads\new-years-eve-balloons-12-28-14.zip
2014-12-25 19:25 - 2014-12-25 19:25 - 00237792 _____ () C:\Users\Scott\Downloads\viewattachment(7)
2014-12-23 10:41 - 2014-12-23 10:41 - 02548585 _____ () C:\Users\Scott\Downloads\joy-to-the-world-phrase-12-23-14.zip
2014-12-23 10:37 - 2014-12-23 10:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 09:38 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 09:38 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 09:20 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-12 10:43 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-12 10:43 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 10:43 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 10:43 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 10:43 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 10:43 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 10:43 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 10:43 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-12 10:43 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 10:43 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-12 10:43 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 10:43 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 10:43 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-12 10:43 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 10:43 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-12 10:43 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 10:43 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 10:43 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 10:43 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 10:43 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 10:43 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-12 10:43 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 10:14 - 2010-04-14 15:14 - 00000000 ____D () C:\Users\Scott\Excel
2015-01-11 09:59 - 2008-12-18 06:18 - 01663234 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 09:55 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 09:47 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 09:47 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:47 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 18:51 - 2009-01-08 14:42 - 00001627 _____ () C:\Windows\bthservsdp.dat
2015-01-10 18:51 - 2006-11-02 07:58 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-10 16:25 - 2014-07-28 11:34 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 16:02 - 2014-07-11 14:05 - 00000000 ____D () C:\Users\Scott\AppData\Local\Skype
2015-01-10 16:02 - 2011-01-14 21:31 - 00000000 ____D () C:\Users\Scott\AppData\Local\Microsoft Games
2015-01-10 16:02 - 2009-07-06 20:21 - 00000000 ____D () C:\Users\Scott\AppData\Local\MediaMonkey
2015-01-10 16:02 - 2009-05-21 14:03 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mozilla
2015-01-10 16:02 - 2009-05-21 14:03 - 00000000 ____D () C:\Users\Scott\AppData\Local\Mozilla
2015-01-10 16:02 - 2009-05-21 12:14 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Intuit
2015-01-10 16:02 - 2009-05-21 11:52 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Skype
2015-01-10 16:02 - 2009-05-11 20:25 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2015-01-10 16:02 - 2009-05-11 19:51 - 00000000 ____D () C:\Users\Scott\AppData\Local\SupportSoft
2015-01-10 16:02 - 2009-01-08 16:03 - 00000000 ____D () C:\Users\Scott\AppData\Local\Google
2015-01-10 16:02 - 2009-01-08 15:16 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Adobe
2015-01-10 16:01 - 2014-09-05 15:08 - 00000000 ____D () C:\Users\Scott\Penny
2015-01-10 16:01 - 2014-09-05 12:52 - 00000000 ____D () C:\Users\Scott\Documents\Delta Jointer
2015-01-10 16:01 - 2014-08-06 10:41 - 00000000 ___HD () C:\Users\Public\Documents\Report
2015-01-10 16:01 - 2014-01-10 09:36 - 00000000 ____D () C:\Users\Scott\Low Voltage Products
2015-01-10 16:01 - 2013-08-25 09:44 - 00000000 ____D () C:\Users\Scott\Documents\Pennsylvania Tax Issues
2015-01-10 16:01 - 2013-08-04 16:35 - 00000000 ____D () C:\Users\Scott\Documents\ezvid
2015-01-10 16:01 - 2013-07-05 20:13 - 00000000 ____D () C:\Users\Scott\Documents\Oohleeno Lane House Sale
2015-01-10 16:01 - 2013-07-02 00:33 - 00000000 ____D () C:\Users\Scott\ITU_IT University Online
2015-01-10 16:01 - 2013-05-03 17:42 - 00000000 ____D () C:\Users\Scott\Documents\Asus TF700 Tablet
2015-01-10 16:01 - 2013-04-07 05:13 - 00000000 ____D () C:\Users\Scott\New Age Cabinets
2015-01-10 16:01 - 2013-02-20 14:16 - 00000000 ____D () C:\Users\Scott\Dell Computers
2015-01-10 16:01 - 2013-01-24 18:37 - 00000000 ____D () C:\Users\Scott\Documents\Tablets
2015-01-10 16:01 - 2012-09-04 03:24 - 00000000 ____D () C:\Users\Scott\Downloads\LG 47LM7600_LED TV
2015-01-10 16:01 - 2011-10-12 16:12 - 00000000 ____D () C:\Users\Scott\Documents\Clock Repair
2015-01-10 16:01 - 2011-03-06 12:29 - 00000000 ____D () C:\Users\Scott\House Building Project_from thumb drive
2015-01-10 16:01 - 2010-12-23 22:35 - 00000000 ____D () C:\Users\Scott\Documents\Olympus Stylus 7030 Camera
2015-01-10 16:01 - 2010-09-15 11:22 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-10 16:01 - 2010-06-27 21:14 - 00000000 ____D () C:\Users\Scott\Documents\GOES
2015-01-10 16:01 - 2010-02-25 20:44 - 00000000 ____D () C:\ProgramData\Broderbund Software
2015-01-10 16:01 - 2010-02-07 15:20 - 00000000 ____D () C:\Users\Scott\House Building Project
2015-01-10 16:01 - 2009-12-28 12:27 - 00000000 ____D () C:\Users\Scott\Documents\Geeks to Go
2015-01-10 16:01 - 2009-11-14 17:59 - 00000000 ____D () C:\Users\Scott\Documents\Symantec
2015-01-10 16:01 - 2009-08-18 14:38 - 00000000 ____D () C:\Users\Scott\Documents\House Building Project
2015-01-10 16:01 - 2009-05-21 12:14 - 00000000 ____D () C:\ProgramData\Intuit
2015-01-10 16:01 - 2009-05-21 11:51 - 00000000 ____D () C:\ProgramData\Skype
2015-01-10 16:01 - 2009-05-13 21:58 - 00000000 ____D () C:\Users\Scott\Inspiron 1525 Laptop
2015-01-10 16:01 - 2008-12-18 13:01 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-10 16:01 - 2008-12-18 12:54 - 00000000 ____D () C:\ProgramData\Dell
2015-01-10 16:01 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2015-01-10 16:00 - 2009-01-08 15:54 - 00000000 ____D () C:\Users\Scott
2015-01-08 13:04 - 2011-08-22 22:03 - 00000000 ____D () C:\Users\Scott\Rhino 6000 Labeling System
2015-01-04 12:55 - 2014-09-27 12:04 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-04 12:54 - 2012-09-04 05:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 11:39 - 2009-12-19 22:48 - 00000000 ____D () C:\Users\Scott\AppData\Local\Stardock_Corporation
2015-01-04 11:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Branding
2015-01-04 10:44 - 2014-07-28 11:34 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 10:44 - 2014-07-28 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 10:44 - 2014-07-28 11:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-04 06:59 - 2009-05-13 18:33 - 00005972 _____ () C:\Users\Scott\AppData\Local\d3d9caps.dat
2014-12-31 06:13 - 2010-10-05 19:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 11:22 - 2009-05-13 19:05 - 00000000 ____D () C:\Users\Scott\DAL
2014-12-25 11:02 - 2012-09-03 13:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 19:22 - 2011-03-18 16:18 - 00000000 ____D () C:\cmi
2014-12-14 09:08 - 2012-09-03 21:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-14 09:08 - 2012-09-03 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 09:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-13 09:40 - 2009-05-21 12:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 09:34 - 2013-08-06 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-13 09:26 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-12 10:44 - 2013-01-24 17:47 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-11 09:53

==================== End Of Log ============================

 

 

Security Check log

 

 Results of screen317's Security Check version 0.99.93 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player  16.0.0.235 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

 

How are things running?

 

All good.


  • 0

#6
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi :D

That was correct with the selections, we were doing a follow up scan so the extra files were not necessary :D

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run

The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall.

  • ESET Online Scanner

Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptNo add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 8u25
  • Click the "Download" button under "JRE".
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 8u25 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update
    • Java 8 (64-bit)
    • Java SE Development Kit 8
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:

  • Right click the jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel (you will have to be in Classic View to see Java; it looks like a coffee cup). Double-click Java, click the Advanced tab, click Miscellaneous, and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.

Cryptolocker Warning
Go here for information about CryptoLocker Ransomware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#7
scewter

    Member

  • Topic Starter
  • 96 posts

Ruggie, got most of this done.

 

Here's the log for Delfix (note, it did not remove EsetPoweliksCleaner.exe, so I deleted that manually from the desktop):

 

# DelFix v10.8 - Logfile created 11/01/2015 at 12:15:49
# Updated 29/07/2014 by Xplode
# Username : Scott - SCOTTS-PC
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\Users\Scott\Desktop\FRST.exe
Deleted : C:\Users\Scott\Desktop\JRT.exe
Deleted : C:\Users\Scott\Desktop\OTL.exe
Deleted : C:\Users\Scott\Desktop\SecurityCheck.exe
Deleted : C:\Users\Scott\Desktop\zoek.exe
Deleted : C:\Users\Scott\Downloads\Flash_Disinfector.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #882 [Scheduled Checkpoint | 12/28/2014 16:25:00]
Deleted : RP #883 [Scheduled Checkpoint | 12/29/2014 15:31:42]
Deleted : RP #884 [Windows Update | 12/30/2014 17:21:50]
Deleted : RP #885 [Scheduled Checkpoint | 12/31/2014 17:07:20]
Deleted : RP #886 [Windows Update | 01/02/2015 20:11:56]
Deleted : RP #887 [Scheduled Checkpoint | 01/04/2015 02:51:51]
Deleted : RP #888 [Scheduled Checkpoint | 01/04/2015 17:13:07]
Deleted : RP #889 [Scheduled Checkpoint | 01/05/2015 16:48:44]
Deleted : RP #890 [Scheduled Checkpoint | 01/06/2015 18:29:38]
Deleted : RP #891 [Windows Update | 01/06/2015 22:51:28]
Deleted : RP #892 [Scheduled Checkpoint | 01/08/2015 14:13:59]
Deleted : RP #893 [Scheduled Checkpoint | 01/09/2015 15:03:53]
Deleted : RP #894 [Windows Update | 01/10/2015 00:16:35]
Deleted : RP #895 [Scheduled Checkpoint | 01/10/2015 15:14:11]
Deleted : RP #897 [Restore Point Created by FRST | 01/10/2015 21:00:40]
Deleted : RP #898 [Scheduled Checkpoint | 01/11/2015 16:30:14]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

Additionally, ESET Online Scanner program was uninstalled per your recc as well as removal of the files/folders associated with Eset.

 

r.e. "Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin." Process complete.

 

The OS on this laptop is Vista Home Basic, and I do have the Auto Updates selected.

 

r.e. "Remove all older versions of Java......The versions I see on the computer are:

  • Java 7 Update
  • Java 8 (64-bit)
  • Java SE Development Kit 8"

I'm following your advice and completely removing Java from this computer as well as our other two home computers. The only Java program I could find in Start > Control Panel > Add/Remove Programs, was Java 8 Update 25. That was uninstalled. I could find no other Java programs in that list. I did locate on the Desktop JRE-8u25windows.exe. Since the date matched up with the program I uninstalled I'm guessing this was the update I downloaded before installing. Regardless it was deleted as well. I could find no other occurrences of Java, except for a file and folders located in C:\Program Files\Java. I'm guessing that's the leftover file location for the program I uninstalled?

 

 

OK. That covers most of what you had mentioned.

 

I do have several questions for you regarding this malware infection before we close out this topic, but I wanted to get back to you with the results of what you had instructed me to do.

 


  • 0

#8
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

That's all good :D

 

Go for it.....


  • 0

#9
scewter

    Member

  • Topic Starter
  • 96 posts

What was the name of the Malware?

Is it at all possible that our other two computers at home (desktops) would be infected with the same malware on account of sharing data files by way of thumb drives (spreadsheets, Quicken data, pictures, etc) with this laptop since it was infected?

 

If so, then how would you recommend I proceed with verifying whether they are indeed infected?

 

On account of the ransom ware, I've got quite a few data files that are encrypted on this laptop. Is it possible to recover them?

 

What tool would you recommend I use for deleting programs in view of your comments regarding IObit software? I have used Revo in the past and liked it.

 

Depending on the answer I may have a follow-up.

 

Thnx so much for your time in this.


  • 0

#10
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Firstly the time is no problem. Most of us here actually enjoy doing this :D

 

The main infection you had is commonly called poweliks, but it isn't an infection like others as it doesn't have a file associated with it - just registry entries so most programs do not detect it. As OTL didn't at the start.

You named it in your first post but it was identified using a different name. Trojan:Win32/Powessere.A!reg

 

Revo is good software and is well regarded and indeed used here.

 

As for the other questions - I am just awaiting confirmation on the best course of action.


  • 0



#11
scewter

    Member

  • Topic Starter
  • 96 posts

OK, thnx.

 

r.e. "Trojan:Win32/Powessere.A!reg"

 

This same malware was identified in the following Topic:

 

http://www.geekstogo...-by-ransomware/

 

After reviewing the posts in that Topic, it appears the resolution may be reformatting the HDD and reinstalling the OS (final resolution has not been reached as of this post).

 

That being the case, is that a potential resolution for this infection as well, or are we confident enough that the threat has been removed completely? I'm not advocating that as a solution, but am more curious as to how different this infection is compared to that one? Seems identical to me?

 

OK, thnx again.


  • 0

#12
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

The main infection we have just dealt with is totally different. The other thread also has a current ransomware infection along with poweliks.

The wiping clean option mentioned is one possibility, but does involve having recovery discs to restore the computer.

Although we can never guarantee 100%, the cleaning we do here is very thorough and there is a lot of experience with almost all malware so that a reinstall is not necessary.

 

Feel free to run FRST on the other computers and post the logs here (we will do one at a time) so we can ensure they are clean.

 

For your encrypted files. Try running DecryptPClock2 and see if it has success with your locked files. It works with a few types of cryptolocker.


  • 0
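A triage pass over FRST Run-key lines for the registry-only persistence described in post #10, of the kind that could be run over the logs requested in post #12. This is an added example, not part of the original thread and not FRST's or the helpers' own tooling. The flagging rules, the reading of `[X]` as "no file found", and the last sample line (constructed, with a placeholder instead of script) are assumptions.

```python
import re

# One autorun line from the "Registry" section of an FRST log, e.g.
#   HKLM\...\Run: [MSC] => C:\...\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
RUN_LINE = re.compile(
    r'^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] => (?P<data>.*)$'
)

# Assumed heuristic: value data that hands inline script to a host process
# instead of naming a file on disk (nothing for a file scanner to inspect).
INLINE_SCRIPT = re.compile(r'\b(?:javascript|vbscript):', re.IGNORECASE)
# A drive-letter path to something executable anywhere in the value data.
FILE_PATH = re.compile(
    r'[A-Za-z]:\\[^"<>|]+?\.(?:exe|dll|cmd|bat|scr|com)\b', re.IGNORECASE
)

# First three entries are copied from the FRST log format shown in this thread;
# the last entry is constructed for illustration.
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-0-0-0-1000\...\Run: [Updater] => C:\Windows\system32\rundll32.exe javascript:<constructed placeholder, not a payload>
"""


def parse_run_entries(log_text):
    """Return a dict (hive, key, name, data) for every Run/RunOnce line."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def reasons(entry):
    """List why an autorun value deserves a manual look (empty list = none)."""
    name, data = entry["name"], entry["data"].strip()
    found = []
    if INLINE_SCRIPT.search(data):
        found.append("inline-script")
    if data == "[X]":
        # Assumption: FRST prints [X] when no file is behind the value.
        found.append("no-file")
    elif not FILE_PATH.search(data):
        found.append("no-file-path")
    if name == "":
        found.append("empty-name")
    elif any(not (32 <= ord(ch) < 127) for ch in name):
        # Names with non-printable characters are hard to see in registry editors.
        found.append("non-printable-name")
    return found


def triage(log_text):
    """Return [(hive, value_name, [reasons])] for entries with at least one reason."""
    hits = []
    for entry in parse_run_entries(log_text):
        why = reasons(entry)
        if why:
            hits.append((entry["hive"], entry["name"], why))
    return hits


if __name__ == "__main__":
    for hive, name, why in triage(SAMPLE_LOG):
        print(f"{hive} Run [{name}]: {', '.join(why)}")
```

A flagged entry is a prompt to read the value by hand, not a verdict: the empty-name `[X]` value can simply be a leftover from an uninstalled program.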

#13
scewter

    Member

  • Topic Starter
  • 96 posts

OK - thnx for the response.

 

Will have to look at all that tomorrow as I've got some other things to take care of tonight.

 

Will re-post with results at that time.


  • 0

#14
scewter

    Member

  • Topic Starter
  • 96 posts

Ruggie, here're two logs of the results of scanning the first desktop computer at home with FRST (the results for the second computer will be in a separate post as instructed):

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Scott (administrator) on SCOTT-PC on 12-01-2015 08:21:17
Running from Y:\Scotty\Desktop
Loaded Profile: Scott (Available profiles: Scott & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: {91b984ca-2f84-11e4-b2ba-180373b1ac40} - I:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504
FF Homepage: https://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-31]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; C:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 08:21 - 2015-01-12 08:21 - 00000000 ____D () C:\FRST
2014-12-17 21:58 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 21:58 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 08:16 - 2013-05-26 10:04 - 00000000 ____D () C:\Users\Scott\AppData\Local\Google
2015-01-12 08:16 - 2013-05-26 10:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-12 08:09 - 2013-05-26 10:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 05:06 - 2011-09-09 12:30 - 01718505 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 09:35 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:35 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:32 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 09:28 - 2014-06-20 11:47 - 00009656 _____ () C:\Windows\setupact.log
2015-01-11 09:28 - 2013-05-26 10:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 09:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 22:00 - 2013-06-06 09:10 - 00002609 _____ () C:\Users\Public\Desktop\Navtech PBS.lnk
2015-01-07 22:00 - 2013-06-06 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navtech
2014-12-31 06:14 - 2011-06-08 16:21 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-18 09:18 - 2013-10-26 09:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-18 09:18 - 2013-10-26 09:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-18 09:18 - 2013-02-21 09:46 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2014-12-13 13:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\Users\Scott\en_res.dll
C:\Users\Scott\es_res.dll
C:\Users\Scott\fr_res.dll
C:\Users\Scott\grm_res.dll
C:\Users\Scott\it_res.dll
C:\Users\Scott\jp_res.dll
C:\Users\Scott\mfc80u.dll
C:\Users\Scott\msvcr80.dll
C:\Users\Scott\PCPE Setup.exe
C:\Users\Scott\pt_res.dll
C:\Users\Scott\ResourceReader.dll
C:\Users\Scott\ru_res.dll
C:\Users\Scott\zh_res.dll

Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Scott\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 00:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by Scott at 2015-01-12 08:21:34
Running from Y:\Scotty\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpg3010 (x32 Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Media Add-ons for Acronis True Image Home 2012 (HKLM-x32\...\{9A5509EE-5579-46C1-B566-5065545547F9}) (Version: 15.0.5060 - Acronis)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
Navtech PBS (HKLM-x32\...\{97FD5C10-E5F1-49FA-A757-3C5B088D6CCC}) (Version: 14.7.13 - Navtech Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Samsung Re-Drive (HKLM-x32\...\{500BDCEA-4EFA-4DC3-9768-74C1A2C3E48B}_is1) (Version: 1.6.0 - Samsung Electronics)
Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-05-31 18:11 - 00003378 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com

There are 55 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E87A7A2-43C0-4286-8328-8D4BE78408B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {274B70FF-1773-47A5-91B0-7D422A882FB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {2E988A2F-5472-4997-ACC1-05C191E9A34E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EE2FA1A6-3E7D-4BCF-A25D-FB1E26B2AA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {F3216CD2-D2CC-4388-904C-AD72E7841DDD} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-09-08 09:19 - 2008-09-08 09:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-01-04 21:54 - 2011-01-04 21:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-26 16:08 - 2010-08-26 16:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-09 22:09 - 2010-08-11 18:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-05-09 22:09 - 2010-08-11 18:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-05-09 22:09 - 2010-08-11 18:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2013-12-18 12:19 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2014-10-19 09:05 - 2014-10-19 09:05 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-05-09 22:03 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-28 17:34 - 2012-06-28 17:34 - 00018816 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-667926241-938725764-3588881007-500 - Administrator - Disabled)
Guest (S-1-5-21-667926241-938725764-3588881007-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-667926241-938725764-3588881007-1002 - Limited - Enabled)
Scott (S-1-5-21-667926241-938725764-3588881007-1000 - Administrator - Enabled) => C:\Users\Scott

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 00:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/11/2015 10:03:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2015 10:30:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2015 01:20:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/08/2015 10:24:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/08/2015 10:04:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc0000005
Fault offset: 0x006b9000
Faulting process id: 0x14ec
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/08/2015 09:51:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Acrobat.exe version 11.0.0.379 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d5c

Start Time: 01d02b50c558d54d

Termination Time: 47

Application Path: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe

Report Id: be0b358d-9745-11e4-8f4c-180373b1ac40

Error: (01/07/2015 00:33:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/06/2015 00:22:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/05/2015 00:40:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (01/11/2015 09:29:01 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (01/11/2015 09:29:01 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/3427777506/

Error: (01/11/2015 09:29:01 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (01/11/2015 09:29:01 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/3427777506/

Error: (01/11/2015 09:28:35 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/10/2015 10:36:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/10/2015 01:02:50 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Scott-PCScottS-1-5-21-667926241-938725764-3588881007-1000LocalHost (Using LRPC)

Error: (01/10/2015 01:02:39 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Scott-PCScottS-1-5-21-667926241-938725764-3588881007-1000LocalHost (Using LRPC)

Error: (01/10/2015 01:02:24 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Scott-PCScottS-1-5-21-667926241-938725764-3588881007-1000LocalHost (Using LRPC)

Error: (01/10/2015 01:01:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Scott-PCScottS-1-5-21-667926241-938725764-3588881007-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 29%
Total physical RAM: 6126.46 MB
Available physical RAM: 4336.61 MB
Total Pagefile: 6124.64 MB
Available Pagefile: 4037.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:105.99 GB) (Free:57.55 GB) NTFS
Drive w: (Audio/Video) (Fixed) (Total:1299.61 GB) (Free:1227.88 GB) NTFS
Drive y: (Misc Files) (Fixed) (Total:97.66 GB) (Free:77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B70CC00B)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1299.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 69870F89)
Partition 1: (Not Active) - (Size=1024 KB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#15
scewter

    Member

  • Topic Starter
  • 96 posts
... and here are the results from the FRST scan on the second computer:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Penny (administrator) on PENNY-PC on 12-01-2015 08:35:22
Running from T:\Penns\Desktop
Loaded Profile: Penny (Available profiles: Penny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403080 2011-08-05] (Acronis)
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5919584 2011-08-05] (Acronis)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\Run: [EPSON Stylus Photo R2400] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9SA.EXE [211456 2007-01-10] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {6d0b6bc9-f623-11e3-a601-08edb918fe60} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {ad14f261-9550-11e3-9d3e-08edb918fe60} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {cc79ac66-2d35-11e4-9835-08edb918fe60} - E:\LaunchU3.exe -a
Startup: C:\Users\Penny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4134255270-1962352870-800200895-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://blu176.mail....t.aspx?id=64855
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DB6C007C-1940-4338-A612-DD407DC33C60} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {DB6C007C-1940-4338-A612-DD407DC33C60} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4134255270-1962352870-800200895-1000 -> {DB6C007C-1940-4338-A612-DD407DC33C60} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-16]
FF HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\Firefox\Extensions: [{717c119a-bfb3-4c72-bcd6-ce45159a822d}] - C:\Program Files (x86)\Re-markit\136.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [142336 2005-09-19] (Vimicro Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [142944 2013-12-18] (Acronis)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 08:35 - 2015-01-12 08:35 - 00000000 ____D () C:\FRST
2015-01-12 08:31 - 2015-01-12 08:31 - 00000000 ___RD () C:\Users\Penny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-18 09:48 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:48 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 08:35 - 2012-05-15 17:11 - 01665312 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 08:31 - 2014-06-21 12:14 - 00011856 _____ () C:\Windows\setupact.log
2015-01-12 08:31 - 2014-01-31 12:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 08:31 - 2013-12-16 13:56 - 00000000 ____D () C:\Users\Penny\AppData\Local\Adobe
2015-01-12 08:31 - 2012-05-15 17:44 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-12 08:31 - 2012-05-15 17:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-12 08:31 - 2012-05-15 17:32 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-12 08:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 05:43 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 05:43 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 05:39 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 11:24 - 2014-01-31 12:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 09:36 - 2013-12-17 11:00 - 00000000 ____D () C:\Users\Penny\AppData\Local\CrashDumps
2015-01-03 10:44 - 2013-12-10 16:50 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-01 10:29 - 2013-12-16 12:00 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-01 10:29 - 2013-12-10 16:50 - 00004268 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-13 13:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\Users\Penny\en_res.dll
C:\Users\Penny\es_res.dll
C:\Users\Penny\fr_res.dll
C:\Users\Penny\grm_res.dll
C:\Users\Penny\it_res.dll
C:\Users\Penny\jp_res.dll
C:\Users\Penny\mfc80u.dll
C:\Users\Penny\msvcr80.dll
C:\Users\Penny\PCPE Setup.exe
C:\Users\Penny\pt_res.dll
C:\Users\Penny\ResourceReader.dll
C:\Users\Penny\ru_res.dll
C:\Users\Penny\zh_res.dll


Some content of TEMP:
====================
C:\Users\Penny\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 11:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by Penny at 2015-01-12 08:35:39
Running from T:\Penns\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Acronis True Image Home 2012 (HKLM-x32\...\{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}Visible) (Version: 15.0.5060 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.5060 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Family Tree Maker 2008 (HKLM-x32\...\InstallShield_{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}) (Version: 17.0.7 - The Generations Network)
Family Tree Maker 2008 (x32 Version: 17.0.7 - The Generations Network) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
hpg3010 (x32 Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4134255270-1962352870-800200895-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Penny\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4134255270-1962352870-800200895-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Penny\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4134255270-1962352870-800200895-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Penny\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4134255270-1962352870-800200895-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Penny\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4134255270-1962352870-800200895-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Penny\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

03-12-2014 13:27:22 Windows Update
07-12-2014 18:14:10 Windows Update
10-12-2014 16:36:02 Windows Update
12-12-2014 16:37:57 Windows Update
16-12-2014 11:15:06 Windows Update
18-12-2014 16:21:51 Windows Update
01-01-2015 10:14:18 Windows Update
05-01-2015 09:48:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-06-22 11:18 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2F646BF6-73C8-4A3E-94AB-5D91AAD9CC37} - System32\Tasks\Idle-Crawler Runner => %LOCALAPPDATA%\Idle-Crawler\Idle-Crawler.exe <==== ATTENTION
Task: {35579AA0-080E-4168-81B7-BACE37DFB952} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {60A100DB-D952-4D15-B17B-BD98428DB9A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {630D2ADE-3739-4755-813C-34F574EA73B9} - System32\Tasks\AdobeAAMUpdater-1.0-Penny-PC-Penny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {7138BF8F-EACE-4165-9687-2BDF710B7A62} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {8724F3E4-4751-4D42-A053-75EC6320ACB0} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update => %LOCALAPPDATA%\Idle-Crawler\Idle-Crawler.exe <==== ATTENTION
Task: {99E56CED-C026-4416-A142-09029661551F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {9AB09109-9B3C-41EC-9686-1424C3B1BF9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {ADEE35FE-42C6-4FA3-8184-943EFACCB976} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {AF30E9E1-DB80-4CE1-A1E2-FAFE17E7E642} - System32\Tasks\Windows Updater => C:\Users\Penny\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {BDD59E3D-FB5B-401C-A2AB-42CEF54C6161} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BFBC8955-32DB-42A0-9C45-34734D9E7F7B} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {D3D6EDC0-25EE-4A0E-A004-53A24853F66C} - System32\Tasks\RunAsStdUser Task => C:\Users\Penny\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {DE83F062-BBEC-45C2-9C3D-51A98FC70B27} - \Oxy No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-15 17:26 - 2012-01-21 11:35 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-15 17:23 - 2011-01-12 19:17 - 00053248 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2011-10-25 21:29 - 2011-10-25 21:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-15 17:32 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-05-15 17:23 - 2011-03-11 11:09 - 00028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL
2014-10-19 08:37 - 2014-10-19 08:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0117b06813514c944b5018759c67248a\IsdiInterop.ni.dll
2012-05-15 17:23 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-15 17:25 - 2012-01-21 06:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-08-05 09:01 - 2011-08-05 09:01 - 00018784 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4134255270-1962352870-800200895-500 - Administrator - Disabled)
Guest (S-1-5-21-4134255270-1962352870-800200895-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4134255270-1962352870-800200895-1002 - Limited - Enabled)
Penny (S-1-5-21-4134255270-1962352870-800200895-1000 - Administrator - Enabled) => C:\Users\Penny

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 08:33:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 05:37:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 10:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 09:49:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 09:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x53159a85
Exception code: 0xc0000005
Fault offset: 0x00011398
Faulting process id: 0x2310c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/05/2015 09:39:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 10:23:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 09:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 10:46:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 10:15:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/12/2015 08:34:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/12/2015 08:33:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/12/2015 08:31:49 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Acronis Sync Agent Service service terminated with service-specific error %%26345498.

Error: (01/12/2015 08:31:41 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/09/2015 05:37:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/09/2015 05:37:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/09/2015 05:35:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Acronis Sync Agent Service service terminated with service-specific error %%26345498.

Error: (01/09/2015 05:35:04 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/08/2015 10:22:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (01/08/2015 10:16:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/12/2015 08:33:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 05:37:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 10:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 09:49:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 09:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddcckernel32.dll6.1.7601.1840953159a85c0000005000113982310c01d02b4ef0c2572cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\kernel32.dllbcae4902-9743-11e4-98a2-d4bed9a4e152

Error: (01/05/2015 09:39:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 10:23:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 09:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 10:46:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 10:15:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8155.28 MB
Available physical RAM: 5183.41 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 4754.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:106.99 GB) (Free:61.88 GB) NTFS
Drive p: (Photoshop) (Fixed) (Total:488.27 GB) (Free:350.52 GB) NTFS
Drive s: (Cricut/Pics) (Fixed) (Total:371.09 GB) (Free:219.93 GB) NTFS
Drive t: (Other Data) (Fixed) (Total:72.14 GB) (Free:36.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 06950B27)
Partition 1: (Not Active) - (Size=1024 KB) - (Type=DE)
Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A95F4FB2)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=05)
Partition 2: (Active) - (Size=371.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================