[drush66]

Hello my name is David, for the past two weeks my computer is showing the message "Windows cannot find ‘c:\microsoft_sdk\lib\include\iexploror.exe’. Make sure you typed the name correctly and then try again." It doesn't seem like it's having a big impact on anything except how long it takes my pc to start up. Any help would be appreciated.

[Advertisements]

Hi and welcome to Geeks to Go.

Which Operating System does your machine have?

If unsure click on this link: Which Windows operating system am I running?

[Dakeyras]

Hi and welcome to Geeks to Go.

Which Operating System does your machine have?

If unsure click on this link: Which Windows operating system am I running?

[drush66]

Hi thanks for responding. I have windows 7 home SP1

[Dakeyras]

Hi.

Hi thanks for responding. I have windows 7 home SP1

Acknowledged and you're welcome! Please take note of the below...

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with aswMBR:

Please download aswMBR to your desktop.

Alternate downloads are here and here.

• Right-click on aswMBR.exe and select Run as Administrator to launch the application.
• If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
• When prompted with: The application can use the Avast! Free Antivirus for scanning >> select Yes
• The Avast! virus definitions database will automatically be downloaded. Be patient this make take some time depending on the speed of your Internet Connection.
• Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
• Now click on the Scan button to start the scan.
• On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
• Click on Exit.

Note: There will also be a file on your desktop named MBR.dat(or similar) do not delete this for now it is a actual backup of the MBR(master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 32-Bit to your desktop.

Note: If FRST informs you when ran, the version downloaded is incompatible with your system, delete it and download this version instead:

Farbar Recovery Scan Tool 64-Bit

• Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
• After the tool has checked for any updates and The tool is ready to use is denoted:-
• Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
• Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
• At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
• There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• aswMBR Log.
• Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

[drush66]

nothing other than slow startup time

[drush66]

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-01-28 20:38:28
-----------------------------
20:38:28.205    OS Version: Windows x64 6.1.7601 Service Pack 1
20:38:28.205    Number of processors: 4 586 0x2A07
20:38:28.205    ComputerName: DAVID-PC  UserName: David
20:38:29.453    Initialize success
20:38:29.453    VM: initialized successfully
20:38:29.468    VM: Intel CPU supported
20:38:31.379    VM: supported disk I/O iaStor.sys
20:39:02.220    AVAST engine defs: 15012801
20:39:11.486    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:39:11.486    Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
20:39:11.642    VM: Disk 0 MBR read successfully
20:39:11.642    Disk 0 MBR scan
20:39:11.658    Disk 0 Windows 7 default MBR code
20:39:11.673    Disk 0 Partition 1 00     DE   Dell Utility DELL 8.0      100 MB offset 2048
20:39:11.689    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS        15000 MB offset 206848
20:39:11.689    Disk 0 default boot code
20:39:11.720    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       461836 MB offset 30926848
20:39:11.814    Disk 0 scanning C:\windows\system32\drivers
20:39:30.238    Service scanning
20:40:11.656    Modules scanning
20:40:11.656    Disk 0 trace - called modules:
20:40:11.687    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:40:11.687    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800786b060]
20:40:11.687    3 CLASSPNP.SYS[fffff88001af543f] -> nt!IofCallDriver -> [0xfffffa8005986540]
20:40:11.687    5 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005990050]
20:40:12.966    AVAST engine scan C:\windows
20:40:19.315    AVAST engine scan C:\windows\system32
20:45:03.501    AVAST engine scan C:\windows\system32\drivers
20:45:26.339    AVAST engine scan C:\Users\David
20:45:33.437    File: C:\Users\David\AppData\Local\Babylon\Setup\Setup.exe  **INFECTED** Win32:Malware-gen
21:05:30.335    File: C:\Users\David\AppData\Local\tmp31906\dag31906.exe  **INFECTED** Win32:Malware-gen
21:17:24.914    AVAST engine scan C:\ProgramData
21:26:58.825    Disk 0 statistics 4722592/0/22 @ 1.09 MB/s
21:26:58.825    Scan finished successfully
23:35:55.323    Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
23:35:55.354    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
 

[drush66]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by David (administrator) on DAVID-PC on 28-01-2015 23:40:01
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [fst_us_159] => [X]
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM\...\Winlogon: [Userinit] C:\windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\Run: [Ctfmom] => wscript.exe "C:\Microsoft__Sdk\lib\include\cc1xm.js"
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\Run: [DellSystemDetect] => C:\Users\David\AppData\Local\Apps\2.0\91P5E215.M6Y\Q62L3RTL.657\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-15] (Dell)
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\MountPoints2: {44136638-f81e-11e3-8a4d-4c809380df53} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\MountPoints2: {4a1dccb0-5483-11e2-8223-4c809380df53} - E:\WIN\setup.exe
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\MountPoints2: {766361be-8c37-11e1-9c1e-806e6f6e6963} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
URLSearchHook: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://rocket-find.c...r=940102270&ir=
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://rocket-find.c...r=940102270&ir=
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {2B4DE3F8-4548-47F1-9142-8565CFF63BA1} URL = http://www.ant.com/web/{searchTerms}/
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.babylo...0004c809380df50
SearchScopes: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> {E0F5D6F9-82B5-4EA7-935F-2BFB32E769D7} URL = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-1296988442-1122695392-3641177929-1000 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11F005A7-1443-46B7-AF39-C34240C85AB5}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{274C4C44-834B-40AF-83D3-1224A5CA5C8A}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{596E6A11-FF9B-4EE6-BC10-A5BABA1E074A}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{92202065-61EE-4773-90CE-D61402897708}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A9D3F406-BAFA-4018-AA67-823AA6B8AE8A}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C2B68961-0670-431E-B8E5-71A4B3FD0EB8}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C906732A-6732-4AE2-A0B5-C77E888BA2D9}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CD168A06-2750-4B77-8D3E-07DB96ACB6EB}: [NameServer] 8.8.8.8,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ev68jngk.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rocket New Tab) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-09-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-09-26]
CHR Extension: (uTorrentControl2) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2014-09-28]
CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\David\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-03-06]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\David\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-09] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [49232 2010-05-17] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [285696 2009-08-04] (Sierra Wireless Inc.) [File not signed]
R3 swvspser; C:\Windows\System32\DRIVERS\swvspser.sys [34304 2009-08-13] (Sierra Wireless Inc.)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [54640 2014-03-24] (Thesycon GmbH, Germany)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S1 {2b929fe1-284b-4766-afb9-19b0915b99b0}w64; system32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}w64.sys [X]
S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [X]
U3 aswMBR; \??\C:\Users\David\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\David\AppData\Local\Temp\aswVmm.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys D86564B66FB10C73C13F40F7D8E40FE6
C:\Windows\System32\DRIVERS\amppal.sys D86564B66FB10C73C13F40F7D8E40FE6
C:\Windows\System32\DRIVERS\Apfiltr.sys 24ED0EB2B2558970176ECEE680F8F806
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\drivers\btmaud.sys 274E47BD9C1367BDBFA9DF10C2E6C544
C:\Windows\System32\DRIVERS\btmaux.sys 75EAB5AAF6E9F83739249CE60B4B9C39
C:\Windows\System32\DRIVERS\btmhsf.sys 40C6FEC49D1CC4D112368A2BCD2BCBB7
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys DF214BFF646880D0EB31BDC86136B29B
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\iBtFltCoex.sys FC47F5CF561BF0FD897EFD1A9604DCCF
C:\Windows\System32\DRIVERS\igdkmd64.sys B9857625DF8B539ABCB90E15B5716568
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelaud.sys CADDF0927DAC63EDAE48F5C35A61D87D
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\iwdbus.sys 716F66336F10885D935B08174DC54242
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6439D1E559D08BD8A1465A8943357053
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys 6F4607E2333FE21E9E3FF8133A88B35B
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Netwsw00.sys D39BFDCB570E9019831901AB1B8B4443
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys F9EEFFC65C68A45001D1349E652B8B6F
C:\Windows\System32\DRIVERS\NNSAlpc.sys ACC47D60E202EBA0A8A80768EC5D3C97
C:\Windows\System32\DRIVERS\NNSHttp.sys 4C7EAD79B914ADE44D68171AFEEF2AB3
C:\Windows\System32\DRIVERS\NNSHttps.sys B40C57451477334E8A66F4823BE04AE3
C:\Windows\System32\DRIVERS\NNSIds.sys 222CF23D6FCEB616CA48BBA55FC4D5C0
C:\Windows\System32\DRIVERS\NNSNAHSL.sys 735143727C4438A72490A2432E7D5CEA
C:\Windows\System32\DRIVERS\NNSPicc.sys C5332A1FB751B8D5FD9D424D330BC91B
C:\Windows\System32\DRIVERS\NNSPihsw.sys AA1A311C019288FFCCF3661B5EA27A99
C:\Windows\System32\DRIVERS\NNSPop3.sys EB153B4FA5200D1D3352D6C3FB7C9C38
C:\Windows\System32\DRIVERS\NNSProt.sys 425356A7A3657174C206AA3FDB3DDD35
C:\Windows\System32\DRIVERS\NNSPrv.sys FFDF3257F83A094941005EE607B8A905
C:\Windows\System32\DRIVERS\NNSSmtp.sys DE87A11CB1767ABDDE223D4CC0F7C221
C:\Windows\System32\DRIVERS\NNSStrm.sys 537FB2F711E65475562FE29877F108E1
C:\Windows\System32\DRIVERS\NNSTlsc.sys 4F37DC4420A00BC6E9D22E3590806BFC
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 158AD24745BD85BA9BE3C51C38F48C32
C:\Windows\System32\DRIVERS\nusb3xhc.sys D40A13B2C0891E218F9523B376955DB6
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PSINAflt.sys ABF42AF66C50E3FBAD2280020360920E
C:\Windows\System32\DRIVERS\PSINFile.sys 54C28488E5F038B29E2D80DBFC910666
C:\Windows\System32\DRIVERS\psinknc.sys 305FCF2F725B806BC5E69AC95340A271
C:\Windows\System32\DRIVERS\PSINProc.sys ED6B1CDE5B178B057F64B2AF682EB45A
C:\Windows\System32\DRIVERS\PSINProt.sys 171F1C6F49142F2D1C174B817F46EC0F
C:\Windows\System32\DRIVERS\PSINReg.sys 6A19A5665FBE15D63046B20BB0BFD7AB
C:\Windows\System32\DRIVERS\PSKMAD.sys 105ACC469DF34C8BD0D5E68A70C774E5
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys BE29B0A3AC1E8BD02FFAB8CEE86BADFA
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys EF5ACDE92BA3F691BBFEF781CB063501
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swmsflt.sys 8715291C6DE589A3ED0B18B0BEC1C37F
C:\Windows\System32\DRIVERS\swmx00.sys C6E3686379E96A91CD7FF7ACE53061FD
C:\Windows\System32\DRIVERS\SWNC5E00.sys B053610BB36D9BD1BFF7102727427600
C:\Windows\System32\DRIVERS\swvspser.sys 190975A4168F19DA5C02D3F41E84D5D2
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys 91D3C92A44FC682DD791147604E79152
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys F7FFDF2A1D19A76A87759126B244C816
C:\Windows\System32\DRIVERS\usbhub.sys 245FE7FC634D6A993E682E0A9EBA4ABB
C:\Windows\System32\Drivers\dsiarhwprog_x64.sys D7E022F990ED972904F2E5592CEB35A1
C:\Windows\system32\drivers\usbohci.sys C1A8966E0D09BFB501045105B30D86F2
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 2E682DCE4319A90E02A327F8A427544A
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 23:40 - 2015-01-28 23:43 - 00043942 _____ () C:\Users\David\Downloads\FRST.txt
2015-01-28 23:38 - 2015-01-28 23:40 - 00000000 ____D () C:\FRST
2015-01-28 23:37 - 2015-01-28 23:37 - 02130432 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-01-28 23:35 - 2015-01-28 23:35 - 00002466 _____ () C:\Users\David\Desktop\aswMBR.txt
2015-01-28 23:35 - 2015-01-28 23:35 - 00000512 _____ () C:\Users\David\Desktop\MBR.dat
2015-01-28 20:05 - 2015-01-28 20:05 - 05200384 _____ (AVAST Software) C:\Users\David\Downloads\aswmbr.exe
2015-01-28 11:52 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2015-01-27 22:46 - 2015-01-27 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 20:53 - 2015-01-27 22:30 - 00000039 _____ () C:\Users\David\Desktop\malware problem.txt
2015-01-17 11:01 - 2015-01-17 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-17 10:36 - 2015-01-17 10:37 - 01630952 _____ () C:\Users\David\Downloads\PANDAFREEAV.exe
2015-01-17 10:34 - 2015-01-17 10:34 - 00001024 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2015-01-17 10:33 - 2015-01-17 11:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\Panda Security
2015-01-17 10:33 - 2015-01-17 11:01 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-17 10:31 - 2015-01-17 11:01 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-17 10:31 - 2015-01-17 10:31 - 01649936 _____ () C:\Users\David\Downloads\PANDAAP15.exe
2015-01-15 16:36 - 2015-01-15 16:36 - 00015822 _____ () C:\windows\system32\results.xml
2015-01-15 16:33 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-01-15 16:33 - 2012-05-15 07:13 - 00020992 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2015-01-15 16:33 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-01-15 16:33 - 2012-05-15 06:20 - 00017920 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2015-01-15 16:29 - 2012-11-15 06:30 - 05899832 _____ (Intel Corporation) C:\windows\system32\GfxUI.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00510008 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00441912 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00399416 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00277048 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00252472 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00185400 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2015-01-15 16:29 - 2012-11-15 06:30 - 00171064 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
2015-01-15 16:29 - 2012-11-15 02:03 - 12886528 _____ (Intel Corporation) C:\windows\system32\ig4icd64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 12601856 _____ (Intel Corporation) C:\windows\system32\igdumd64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 11155968 _____ (Intel Corporation) C:\windows\SysWOW64\igd10umd32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 11038208 _____ (Intel Corporation) C:\windows\SysWOW64\igdumd32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 10673152 _____ (Intel Corporation) C:\windows\SysWOW64\ig4icd32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 09000256 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-01-15 16:29 - 2012-11-15 02:03 - 04571136 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 03776512 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00963388 _____ () C:\windows\SysWOW64\igcodeckrng600.bin
2015-01-15 16:29 - 2012-11-15 02:03 - 00963388 _____ () C:\windows\system32\igcodeckrng600.bin
2015-01-15 16:29 - 2012-11-15 02:03 - 00604160 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00524800 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00519680 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00501760 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00482304 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00448512 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00441856 _____ (Intel Corporation) C:\windows\system32\igfxdev.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00440320 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00432128 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00431104 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00429056 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00428544 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00410624 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00330240 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00286208 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2015-01-15 16:29 - 2012-11-15 02:03 - 00272928 _____ () C:\windows\SysWOW64\igvpkrng600.bin
2015-01-15 16:29 - 2012-11-15 02:03 - 00272928 _____ () C:\windows\system32\igvpkrng600.bin
2015-01-15 16:29 - 2012-11-15 02:03 - 00223233 _____ () C:\windows\system32\Gfxres.th-TH.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00216064 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00209727 _____ () C:\windows\system32\Gfxres.el-GR.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00193862 _____ () C:\windows\system32\Gfxres.ru-RU.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00180224 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00173568 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00165865 _____ () C:\windows\system32\Gfxres.ar-SA.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00163120 _____ () C:\windows\system32\Gfxres.ja-JP.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00158727 _____ () C:\windows\system32\Gfxres.he-IL.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00149390 _____ () C:\windows\system32\Gfxres.it-IT.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00147759 _____ () C:\windows\system32\Gfxres.ko-KR.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00147101 _____ () C:\windows\system32\Gfxres.de-DE.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00147010 _____ () C:\windows\system32\Gfxres.es-ES.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00145715 _____ () C:\windows\system32\Gfxres.ro-RO.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00145211 _____ () C:\windows\system32\Gfxres.fr-FR.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00144378 _____ () C:\windows\system32\Gfxres.tr-TR.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00143976 _____ () C:\windows\system32\Gfxres.pt-BR.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00143730 _____ () C:\windows\system32\Gfxres.nl-NL.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00143657 _____ () C:\windows\system32\Gfxres.hu-HU.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00142990 _____ () C:\windows\system32\Gfxres.pt-PT.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00142617 _____ () C:\windows\system32\Gfxres.sv-SE.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00142423 _____ () C:\windows\system32\Gfxres.pl-PL.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00142336 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00142008 _____ () C:\windows\system32\Gfxres.cs-CZ.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00141739 _____ () C:\windows\system32\Gfxres.fi-FI.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00141574 _____ () C:\windows\system32\Gfxres.sk-SK.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00140779 _____ () C:\windows\system32\Gfxres.hr-HR.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00137621 _____ () C:\windows\system32\Gfxres.sl-SI.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00137534 _____ () C:\windows\system32\Gfxres.nb-NO.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00136873 _____ () C:\windows\system32\Gfxres.da-DK.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00132360 _____ () C:\windows\system32\Gfxres.en-US.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00126976 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2015-01-15 16:29 - 2012-11-15 02:03 - 00126035 _____ () C:\windows\system32\Gfxres.zh-TW.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00124403 _____ () C:\windows\system32\Gfxres.zh-CN.resources
2015-01-15 16:29 - 2012-11-15 02:03 - 00116224 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v2843.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00080384 _____ () C:\windows\system32\igdde64.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00064512 _____ () C:\windows\SysWOW64\igdde32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00059425 _____ () C:\windows\system32\iglhxo64.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00059398 _____ () C:\windows\system32\iglhxg64.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00059230 _____ () C:\windows\system32\iglhxc64.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00059104 _____ () C:\windows\system32\iglhxc64_dev.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00058796 _____ () C:\windows\system32\iglhxg64_dev.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00058109 _____ () C:\windows\system32\iglhxo64_dev.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00028672 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-01-15 16:29 - 2012-11-15 02:03 - 00017026 _____ () C:\windows\system32\iglhxs64.vp
2015-01-15 16:29 - 2012-11-15 02:03 - 00009728 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2015-01-15 16:29 - 2012-06-19 22:40 - 00342528 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys
2015-01-15 16:29 - 2012-06-19 22:40 - 00016896 _____ (Intel® Corporation) C:\windows\system32\IntcDAuC.dll
2015-01-15 16:28 - 2015-01-15 16:29 - 155846056 _____ () C:\Users\David\Downloads\Vedio_Intel_W84_X00_A01_Setup-5PFY2_ZPE.exe
2015-01-15 16:17 - 2015-01-15 16:19 - 477268104 _____ () C:\Users\David\Downloads\Video_AMD_W7W8_A01_Setup-HC6HJ_ZPE.exe
2015-01-15 16:15 - 2015-01-15 16:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-15 16:14 - 2015-01-15 16:14 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-15 16:14 - 2015-01-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-15 16:10 - 2015-01-15 16:10 - 126311440 _____ (Dell Inc.) C:\Users\David\Downloads\N5110_Network_Driver_P7G35_WN_15.6.1_A03.EXE
2015-01-15 15:50 - 2015-01-15 15:50 - 00000000 ____D () C:\Users\David\Desktop\Driver
2015-01-15 15:47 - 2015-01-15 15:47 - 00417064 _____ () C:\Users\David\Downloads\DellSystemDetect.exe
2015-01-15 15:47 - 2015-01-15 15:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-15 09:32 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 15:18 - 2015-01-14 15:18 - 04877488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 13:46 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 13:46 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 13:46 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 13:46 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 13:46 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 13:46 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:46 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:46 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 13:46 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 13:46 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 13:46 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 13:46 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-03 14:59 - 2015-01-17 10:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-03 14:50 - 2015-01-03 14:50 - 00000000 ___RD () C:\Users\David\Creative Cloud Files
2015-01-03 14:44 - 2015-01-03 14:44 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\CreativeCloudSet-Up.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 23:18 - 2012-04-03 12:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 22:49 - 2012-01-05 07:32 - 02096521 _____ () C:\windows\WindowsUpdate.log
2015-01-28 20:07 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 20:07 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 20:06 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-28 20:00 - 2012-02-15 20:15 - 00000000 ____D () C:\Users\David\AppData\Local\SoftThinks
2015-01-28 19:59 - 2014-09-10 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 19:59 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-28 19:59 - 2009-07-13 23:51 - 00116421 _____ () C:\windows\setupact.log
2015-01-28 15:15 - 2014-02-03 12:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 14:37 - 2012-01-05 07:34 - 00000000 ____D () C:\Intel
2015-01-17 18:58 - 2009-07-13 23:45 - 04971840 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-17 14:51 - 2014-10-19 11:02 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2015-01-17 12:40 - 2014-07-16 22:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\serv
2015-01-17 11:54 - 2012-02-15 20:48 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2015-01-17 11:54 - 2012-01-05 07:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-17 11:52 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 11:50 - 2014-12-08 09:54 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2015-01-17 11:48 - 2012-01-05 07:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-17 11:45 - 2014-07-16 22:44 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v2
2015-01-17 11:01 - 2012-02-15 20:15 - 00110184 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 10:55 - 2010-11-20 22:47 - 00325030 _____ () C:\windows\PFRO.log
2015-01-17 10:42 - 2012-01-05 08:00 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-17 10:10 - 2012-03-06 14:39 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-16 20:43 - 2012-03-14 19:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-15 16:33 - 2012-01-05 07:43 - 00000000 ____D () C:\ProgramData\Intel
2015-01-15 16:33 - 2012-01-05 07:34 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-15 16:20 - 2012-01-05 10:19 - 00000000 ____D () C:\Dell
2015-01-15 16:16 - 2012-01-05 07:44 - 00000000 ____D () C:\Program Files\Intel
2015-01-15 16:15 - 2014-07-16 22:43 - 00000000 ____D () C:\Users\HomeGroupUser$
2015-01-15 16:15 - 2014-07-16 22:43 - 00000000 ____D () C:\Users\Guest
2015-01-15 16:15 - 2014-07-16 22:43 - 00000000 ____D () C:\Users\Administrator
2015-01-15 16:14 - 2012-01-05 07:39 - 00027740 _____ () C:\windows\DPINST.LOG
2015-01-15 16:14 - 2012-01-05 07:35 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-15 16:13 - 2012-03-24 14:44 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-01-15 16:12 - 2014-12-25 23:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-15 16:11 - 2012-01-05 07:40 - 00000000 ____D () C:\ProgramData\Dell
2015-01-15 15:49 - 2014-07-15 00:03 - 00000000 ____D () C:\Users\David\AppData\Local\Deployment
2015-01-15 03:10 - 2013-09-10 14:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:01 - 2012-03-15 11:49 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 15:18 - 2012-04-03 12:22 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 15:18 - 2012-01-05 07:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-10 13:49 - 2014-11-16 00:06 - 00000000 ____D () C:\Users\David\Desktop\Yu-Gi-Oh! GX - Duel Academy
2015-01-10 13:49 - 2012-03-14 15:03 - 00000000 ____D () C:\Users\David\Documents\MS Word
2015-01-03 15:13 - 2012-03-09 14:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-03 14:50 - 2012-02-15 20:15 - 00000000 ____D () C:\Users\David
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-06-28 22:52 - 2012-06-29 02:04 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-06 21:25 - 2014-07-06 21:44 - 0026686 _____ () C:\Users\David\AppData\Local\10040004_loger_06_07_22_24_30_-185272099.txt
2012-02-15 21:31 - 2014-07-21 23:13 - 0014848 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-14 19:41 - 2013-03-14 19:45 - 0000600 _____ () C:\Users\David\AppData\Local\PUTTY.RND
2012-04-15 00:49 - 2014-07-19 23:36 - 0007604 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\_is1747.exe
C:\Users\David\AppData\Local\Temp\_is4BEF.exe
C:\Users\David\AppData\Local\Temp\_is69C9.exe
C:\Users\David\AppData\Local\Temp\_is7445.exe
C:\Users\David\AppData\Local\Temp\_isA746.exe
C:\Users\David\AppData\Local\Temp\_isAEB5.exe
C:\Users\David\AppData\Local\Temp\_isBF58.exe
C:\Users\David\AppData\Local\Temp\_isC40B.exe
C:\Users\David\AppData\Local\Temp\_isC552.exe
C:\Users\David\AppData\Local\Temp\{22F09FDD-A1DA-4DA6-8D5F-C5CA4782170D}.exe
C:\Users\David\AppData\Local\Temp\{E40BA7FF-D177-4D6E-AB25-86496F5D9EBB}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 21:47

==================== End Of Log ============================

[drush66]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by David at 2015-01-28 23:43:32
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Action Replay DSi Code Manager (HKLM\...\Action Replay DSi Code Manager_is1) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell System Detect (HKU\S-1-5-21-1296988442-1122695392-3641177929-1000\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG VZW United Drivers (HKLM-x32\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}) (Version: 9.10.0223 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sierra Wireless USB MUX Driver Package (HKLM-x32\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.60.9 - Sierra Wireless)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices  (05/21/2012 2.40.0.0) (HKLM\...\7BD98A593B77F7A2CC2A9538524495FE39D5962E) (Version: 05/21/2012 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices  (05/21/2012 2.40.0.0) (HKLM\...\66D0EA0FEC96AC8BA6F5D30012E2C0BE83D4A67B) (Version: 05/21/2012 2.40.0.0 - Datel Design & Development)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-01-2015 16:12:04 Intel® PROSet/Wireless Software
15-01-2015 16:39:10 Windows Update
17-01-2015 10:12:28 Good System
17-01-2015 11:48:19 Removed Aion
20-01-2015 22:37:22 Windows Update
25-01-2015 14:40:11 Windows Update
28-01-2015 21:47:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-17 10:45 - 00000000 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1163FC7E-C96C-4F35-B6E2-1A5FC280B9CA} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {249ADFE6-9064-468E-8D6E-F300BD188D69} - \RealUpgradeScheduledTaskS-1-5-21-1296988442-1122695392-3641177929-1000 No Task File <==== ATTENTION
Task: {2567824B-1AB4-432B-B4A2-2082B60A0A5D} - \{7E61C332-067C-4034-83E6-6BC91ECD2475} No Task File <==== ATTENTION
Task: {30AF0D3E-8469-48BB-8715-777A274D7157} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5502B591-CB7C-42EE-B662-9A3AD0450EBA} - \RealUpgradeLogonTaskS-1-5-21-1296988442-1122695392-3641177929-1000 No Task File <==== ATTENTION
Task: {580A7701-E058-4F24-A0A2-0AA51FAABD7A} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {75839DF0-6DCC-43B5-A808-356BDCBD3EEA} - \PastaQuotes No Task File <==== ATTENTION
Task: {84F06726-C91C-4901-AEA7-DF02F556A8B0} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {8ED276E4-4739-4A64-9266-0EC93A3487F2} - \Express Files Updater No Task File <==== ATTENTION
Task: {9571E661-C564-4EBF-A3EC-70051F5CECD2} - \AdobeAAMUpdater-1.0-David-PC-David No Task File <==== ATTENTION
Task: {99A38865-241F-4ADF-98AA-5D5FA89B9214} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B30995AC-C341-47FF-A2D2-915D59A1E79D} - \{84787BC8-D1EF-48F5-AE59-D83B0358B203} No Task File <==== ATTENTION
Task: {B48BC9FD-80A5-42B0-B51B-811CFF8F99F5} - \LaunchSignup No Task File <==== ATTENTION
Task: {E1FA05D7-13FE-4765-AAF1-B4C8A67863DA} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-01-05 08:07 - 2010-08-11 19:19 - 00781536 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2012-01-05 09:06 - 2011-04-10 13:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 01121504 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00077024 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00232672 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00072928 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00109792 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2012-01-05 08:06 - 2010-08-11 19:19 - 00119008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2014-10-19 13:09 - 2014-10-19 13:09 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-01-05 07:35 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-01-27 22:46 - 2015-01-27 22:46 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUpdater0814tb => C:\ProgramData\Avg_Update_0814tb\0814tb_{205447B4-D07D-429B-B959-87BE45DDD1B5}.exe  /SETINFO /CMPID=0814tb /INFORETRY=-31
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\David\AppData\Local\Apps\2.0\91P5E215.M6Y\Q62L3RTL.657\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
MSCONFIG\startupreg: Ilcsoft => C:\Users\David\AppData\Local\Ilcsoft\dating.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: notekeng => C:\windows\system32\sbuneout.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TrayIcRun => C:\Program Files (x86)\ArcadeWeb\tray.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1296988442-1122695392-3641177929-500 - Administrator - Disabled)
David (S-1-5-21-1296988442-1122695392-3641177929-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1296988442-1122695392-3641177929-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1296988442-1122695392-3641177929-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: {2b929fe1-284b-4766-afb9-19b0915b99b0}w64
Description: {2b929fe1-284b-4766-afb9-19b0915b99b0}w64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {2b929fe1-284b-4766-afb9-19b0915b99b0}w64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64
Description: {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 08:00:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 11:52:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 10:39:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/27/2015 10:29:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2015 02:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 02:33:46 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/22/2015 02:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 08:46:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 06:59:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/28/2015 08:00:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{2b929fe1-284b-4766-afb9-19b0915b99b0}w64
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64

Error: (01/28/2015 08:00:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/28/2015 02:22:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 02:22:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/28/2015 00:33:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 00:33:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/28/2015 11:52:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{2b929fe1-284b-4766-afb9-19b0915b99b0}w64
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64

Error: (01/28/2015 11:52:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/27/2015 10:29:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{2b929fe1-284b-4766-afb9-19b0915b99b0}w64
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64

Error: (01/27/2015 10:29:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (01/28/2015 08:00:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 11:52:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 10:39:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/27/2015 10:29:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2015 02:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 02:33:46 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/22/2015 02:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 08:46:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 06:59:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-22 18:16:53.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\dsiarhwprog_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-22 18:16:53.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\dsiarhwprog_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-12 23:53:26.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-12 23:53:26.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-12 23:53:00.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-05 17:31:21.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-05 17:31:21.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-05 17:30:38.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-03 15:46:46.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-03 15:45:47.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 6051.18 MB
Available physical RAM: 3214.46 MB
Total Pagefile: 12100.54 MB
Available Pagefile: 9307.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:281.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 695DB2F1)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[Dakeyras]

Hi.

nothing other than slow startup time

Acknowledged, lets proceed as follows...

Multiple Anti-Virus Advise:

It appears both Microsoft Security Essentials and Panda Free Antivirus are installed and active in system memory.This will actually be causing a system conflict(slow a system down and false positive detections etc) and decrease overall online protection. I advise you choose to uninstall one only via:-

Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features.

Uninstall Software:

Please also uninstall the following...

Google Chrome <-- This is currently the developer version and we will replace in due course.

Note: First backup any Chrome related bookmarks you wish to keep before uninstalling. If unsure how to instructions can be read:-

How to Export Bookmarks from Chrome

McAfee Security Scan Plus <-- No need for this.

Reinstall Chrome:

Now download the installer for Chrome to your desktop and then right-click on ChromeSetup.exe and select Run as Administrator to reinstall.

Custom FRST Script:

Note: The executable for FRST is currently in this location:

C:\Users\David\Downloads\FRST64.exe

Please move it to your desktop before proceeding further.

Then download the attached fixlist.txt(see below) and save to the desktop.

[attachment=75130:fixlist.txt]

• Now right-click on FRST.exe and select Run as Administrator to start FRST.
• Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
• Your machine should now automatically reboot itself.
• Post the contents of the newly created Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Next:

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• Fix Log from the Custom Script.

[drush66]

ok so i went to unintstall the programs as instructed and was only able to find mcafee security scan plus. the other two programs dont appear in add or remove programs

[Dakeyras]

Hi.

I am surmising you are referring to Microsoft Security Essentials, as for google you can skip the reinstallation instructions for the time being...

Uninstall MSE:

Please download the Microsoft Security Essentials Removal Tool and save to the desktop.

Note: There are two versions, try version two first. If this fails download and try the other version.

Double-click on the MicrosoftFixit.msi you have just downloaded >> follow the prompts.

Reboot your machine upon completion if not advised to do so

Next:

Proceed to the Custom FRST Script instructions etc.

[Dakeyras]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.