Trojan.zekos.patched has frozen my computer [Closed]



#1
Washetoo

  • Member
  • 38 posts
Hello,
While internet browsing my computer somehow became infected by a virus.  Now most programs won't open at all or will open for a short time before freezing up.  I will have only five to ten minutes to complete any task before the computer totally freezes up.   I was able to run Malwarebytes while in safe mode and it identified Trojan.zekos.patched7645P0.  Malwarebytes then got hung up while running the heuristic analysis and by then the computer had started to lock up.  I was able to run the FRST tool and the results are attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Steven (administrator) on STEVEN-PC on 10-06-2015 19:10:00
Running from C:\Users\Steven.Steven-PC\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
() C:\Program Files (x86)\Stardock\MyColors\wbvista.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dell) C:\Users\Steven.Steven-PC\AppData\Local\Apps\2.0\ZTHCPYXZ.HDR\GCG5ADT7.AY7\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\ESP64Proxy.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Alienware) C:\Program Files\Alienware\Command Center\DoorController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM-x32\...\Run: [SiHBAWakeupUtility] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\Run: [DellSystemDetect] => C:\Users\Steven.Steven-PC\AppData\Local\Apps\2.0\ZTHCPYXZ.HDR\GCG5ADT7.AY7\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-21] (Dell)
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\MountPoints2: {c5c64c74-964e-11e1-bd12-806e6f6e6963} - D:\FalloutLauncher.exe
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EasySetPackage.lnk [2014-06-14]
ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk [2014-06-14]
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> DefaultScope {C9384CC4-10BA-4008-8F68-1BA0C82C3FC9} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {61AB72F0-FF53-4C25-99D0-762F03A5DA1C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {C9384CC4-10BA-4008-8F68-1BA0C82C3FC9} URL = https://search.yahoo...p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.251

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR Profile: C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (No Name) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (Google Search) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (No Name) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-26]
CHR Extension: (Bookmark Manager) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-27]
CHR Extension: (Gmail) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-06-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-03] ()
R2 SiHbaWakeupService; C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [62464 2009-07-27] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2015-06-10] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 19:10 - 2015-06-10 19:11 - 00017356 _____ C:\Users\Steven.Steven-PC\Desktop\FRST.txt
2015-06-10 19:10 - 2015-06-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-10 19:09 - 2015-06-10 19:10 - 00000000 ____D C:\FRST
2015-06-10 19:09 - 2015-06-10 15:07 - 02108928 _____ (Farbar) C:\Users\Steven.Steven-PC\Desktop\FRST64.exe
2015-06-02 20:16 - 2015-06-02 20:16 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-18 20:32 - 2015-03-18 22:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 20:32 - 2015-03-18 21:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 20:32 - 2015-03-18 21:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 19:23 - 2015-05-18 19:23 - 00000000 ____D C:\Users\Steven.Steven-PC\AppData\Local\openvr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 19:11 - 2009-07-14 00:13 - 00793298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 19:10 - 2014-05-04 10:07 - 00001844 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-06-10 19:09 - 2012-05-04 20:14 - 01278294 _____ C:\Windows\WindowsUpdate.log
2015-06-10 19:08 - 2012-05-08 17:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-10 19:08 - 2009-07-13 23:51 - 00043148 _____ C:\Windows\setupact.log
2015-06-10 19:07 - 2012-12-22 16:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 19:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 18:56 - 2014-06-18 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 07:40 - 2014-06-14 08:56 - 00000000 ____D C:\Windows\pss
2015-06-09 21:54 - 2012-12-22 16:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 19:57 - 2012-05-05 22:03 - 00091560 _____ C:\Windows\PFRO.log
2015-06-09 19:43 - 2009-07-13 23:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 19:43 - 2009-07-13 23:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 19:42 - 2012-05-05 21:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-08 22:06 - 2012-05-04 17:49 - 00000000 ____D C:\Users\Steven.Steven-PC
2015-06-08 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-08 21:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-05-30 22:03 - 2015-03-25 19:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-18 22:06 - 2012-05-04 17:26 - 00000000 ____D C:\Users\Steven
2015-05-18 21:29 - 2012-05-09 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-18 21:29 - 2012-05-09 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 20:47 - 2013-07-13 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-05-18 20:47 - 2012-05-07 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-18 20:43 - 2012-05-06 17:49 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 20:42 - 2012-05-09 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 19:08 - 2012-05-05 22:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-05-15 19:41 - 2012-12-22 16:31 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:41 - 2012-12-22 16:31 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-12 23:17 - 2014-11-27 00:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2012-05-20 14:13 - 2012-05-20 14:13 - 0000104 _____ () C:\Users\Steven.Steven-PC\AppData\Local\fusioncache.dat
2012-05-05 19:46 - 2013-01-03 23:54 - 0007605 _____ () C:\Users\Steven.Steven-PC\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Steven.Steven-PC\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Steven.Steven-PC\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Steven.Steven-PC\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Steven.Steven-PC\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Washetoo,

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.



#3
Washetoo

  • Topic Starter
  • Member
  • 38 posts

ComboFix reached stage 50 then stalled. At this point the computer was unresponsive so I shut it down.  I rebooted and tried to run ComboFix again, this time it reached stage 32 and stalled.



#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Washetoo,

 

Combofix can take a long time especially if the computer is severely infected.

Having said that it can sometimes get conflict from other programs on the machine or an infection can stop it.

It may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below.

    Check your computer clock. If it is still running then so is ComboFix
    Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

If ComboFix is definitely stalled then:

Open Task Manager and look for the following ComboFix related processes:

    PEV.exe
    NirCmd.cfxxe
    PEV.cfxxe
    SED
    GREP
    Any file that has the extension *.3XE


One at a time, right-click and select End Process.

With luck that will free ComboFix and allow it to continue. If that doesn't work then you will need to reboot the computer manually.

If you have to reboot manually come back and tell me.



#5
Washetoo

  • Topic Starter
  • Member
  • 38 posts

Everything had locked up so I rebooted manually.



#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Navigate to C:\Combofix.txt where you should find some text folders which contain the Combofix logs.

Copy and paste back here. There should be at least two. :)



#7
Washetoo

  • Topic Starter
  • Member
  • 38 posts

There is no C:\Combofix.txt or any Combofix logs.



#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I see, well let's do this then:

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. If it won't run, please right-click on TDSSKiller.exe and rename it to winlogon.exe and see if that allows you to run it. :)



  • Then click on Change parameters in TDSSKiller.
  • Another window will appear.
  • Check all boxes then click OK.
  • Click the Start Scan button.



  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.



  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 



#9
Washetoo

  • Topic Starter
  • Member
  • 38 posts

I am not able to paste in here for some reason so I have attached the TDSSKiller log.  I was not given the CURE option but I had the option to place the objects into quarantine or delete them.

Edited by Washetoo, 13 June 2015 - 09:13 PM.

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

I was not given the CURE option but I had the option to place the objects into quarantine or delete them.

 

That's okay.

 

McAfee used to be notorious for getting in the way of ComboFix, in fact we used to have to ask users to uninstall it while we were running our tools. I am wondering whether that is what caused the ComboFix problems...

 

In any event, moving on now:

 

Download RogueKiller to your desktop.

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled.

  • Quit all running programs
  • For Vista and above, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan (top of panel right hand side)
  • Wait for the scan to finish.
  • Click the report button, right hand panel.
  • Do not click on any other buttons

Please copy and paste the contents of all the RKreport in your next Reply.



#11
Washetoo

  • Topic Starter
  • Member
  • 38 posts

RogueKiller scan report is attached.


#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Download CKScanner from here

Important: Save it to your desktop.

  • Doubleclick (Vista and above - right click and run as Administrator) CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next

 

Please run the MGA Diagnostic Tool and post back the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

So when you return please copy and paste into the thread

  • CKFiles.txt
  • MGA Diagnostic Report


#13
Washetoo

  • Topic Starter
  • Member
  • 38 posts

Attached are the ckfiles and the MGA Diagnostic Report.


#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Thank you.

 

Is there a reason you are not pasting the logs into the thread as requested?

 

Tell me when you return.

 

For now

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.



#15
Washetoo

  • Topic Starter
  • Member
  • 38 posts

I wasn't able to paste for some reason but I managed to paste these FRST scan logs this time.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Steven (administrator) on STEVEN-PC on 14-06-2015 22:38:33
Running from C:\Users\Steven.Steven-PC\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
() C:\Program Files (x86)\Stardock\MyColors\wbvista.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dell) C:\Users\Steven.Steven-PC\AppData\Local\Apps\2.0\ZTHCPYXZ.HDR\GCG5ADT7.AY7\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\ESP64Proxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Alienware) C:\Program Files\Alienware\Command Center\DoorController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM-x32\...\Run: [SiHBAWakeupUtility] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\Run: [DellSystemDetect] => C:\Users\Steven.Steven-PC\AppData\Local\Apps\2.0\ZTHCPYXZ.HDR\GCG5ADT7.AY7\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-21] (Dell)
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EasySetPackage.lnk [2014-06-14]
ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk [2014-06-14]
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> DefaultScope {C9384CC4-10BA-4008-8F68-1BA0C82C3FC9} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {61AB72F0-FF53-4C25-99D0-762F03A5DA1C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {C9384CC4-10BA-4008-8F68-1BA0C82C3FC9} URL = https://search.yahoo...&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.251

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR Profile: C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (No Name) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (Google Search) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (No Name) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-26]
CHR Extension: (Bookmark Manager) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-27]
CHR Extension: (Gmail) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-06-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 PEVSystemStart; C:\ComboFix\pev.3XE [256000 2011-06-26] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2015-06-10] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 20:17 - 2015-06-14 20:17 - 00000127 _____ C:\Users\Steven.Steven-PC\Desktop\ckfiles.txt
2015-06-14 20:16 - 2015-06-14 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-14 19:55 - 2015-06-14 20:18 - 00000000 ____D C:\MGADiagToolOutput
2015-06-14 19:54 - 2015-06-14 19:54 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2015-06-14 19:51 - 2015-06-14 19:48 - 02031992 _____ (Microsoft Corporation) C:\Users\Steven.Steven-PC\Desktop\MGADiag.exe
2015-06-14 19:51 - 2015-06-14 19:47 - 00468480 _____ () C:\Users\Steven.Steven-PC\Desktop\CKScanner.exe
2015-06-14 08:25 - 2015-06-14 08:25 - 00004717 _____ C:\Users\Steven.Steven-PC\Desktop\RKreport_SCN_06142015_082525.log
2015-06-14 07:31 - 2015-06-14 08:20 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-14 07:31 - 2015-06-14 07:31 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-14 07:30 - 2015-06-14 07:28 - 17639160 _____ C:\Users\Steven.Steven-PC\Desktop\RogueKiller.exe
2015-06-13 21:53 - 2015-06-13 21:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Steven.Steven-PC\Desktop\tdsskiller.exe
2015-06-12 21:22 - 2015-06-13 07:13 - 00000000 ___SD C:\ComboFix
2015-06-12 20:47 - 2015-06-12 20:47 - 00000000 ____D C:\Qoobox
2015-06-12 20:47 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-12 20:47 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-12 20:47 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-12 20:47 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-12 20:47 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-12 20:47 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-12 20:47 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-12 20:47 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-12 20:46 - 2015-06-12 20:46 - 00000000 ____D C:\Windows\erdnt
2015-06-12 20:44 - 2015-06-12 20:37 - 05628161 ____R (Swearware) C:\Users\Steven.Steven-PC\Desktop\ComboFix.exe
2015-06-10 19:11 - 2015-06-10 19:11 - 00031009 _____ C:\Users\Steven.Steven-PC\Desktop\Addition.txt
2015-06-10 19:10 - 2015-06-14 22:39 - 00017252 _____ C:\Users\Steven.Steven-PC\Desktop\FRST.txt
2015-06-10 19:09 - 2015-06-14 22:38 - 00000000 ____D C:\FRST
2015-06-10 19:09 - 2015-06-10 15:07 - 02108928 _____ (Farbar) C:\Users\Steven.Steven-PC\Desktop\FRST64.exe
2015-06-02 20:16 - 2015-06-02 20:16 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-18 20:32 - 2015-03-18 22:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 20:32 - 2015-03-18 21:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 20:32 - 2015-03-18 21:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 19:23 - 2015-05-18 19:23 - 00000000 ____D C:\Users\Steven.Steven-PC\AppData\Local\openvr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 22:37 - 2012-12-22 16:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-14 22:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-14 22:37 - 2009-07-13 23:51 - 00044156 _____ C:\Windows\setupact.log
2015-06-14 20:16 - 2014-05-04 10:07 - 00001844 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-06-14 20:16 - 2012-05-04 20:14 - 01361578 _____ C:\Windows\WindowsUpdate.log
2015-06-14 20:16 - 2009-07-14 00:13 - 00793298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-14 07:36 - 2009-07-13 23:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-14 07:36 - 2009-07-13 23:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 22:08 - 2012-05-08 17:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-13 07:12 - 2012-05-05 22:03 - 00092658 _____ C:\Windows\PFRO.log
2015-06-12 20:46 - 2012-12-22 16:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-12 20:40 - 2009-07-14 00:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-10 18:56 - 2014-06-18 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 07:40 - 2014-06-14 08:56 - 00000000 ____D C:\Windows\pss
2015-06-09 19:42 - 2012-05-05 21:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-08 22:06 - 2012-05-04 17:49 - 00000000 ____D C:\Users\Steven.Steven-PC
2015-06-08 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-08 21:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-05-30 22:03 - 2015-03-25 19:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-18 22:06 - 2012-05-04 17:26 - 00000000 ____D C:\Users\Steven
2015-05-18 21:29 - 2012-05-09 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-18 21:29 - 2012-05-09 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 20:47 - 2013-07-13 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-05-18 20:47 - 2012-05-07 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-18 20:43 - 2012-05-06 17:49 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 20:42 - 2012-05-09 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 19:08 - 2012-05-05 22:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-05-15 19:41 - 2012-12-22 16:31 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:41 - 2012-12-22 16:31 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-05-20 14:13 - 2012-05-20 14:13 - 0000104 _____ () C:\Users\Steven.Steven-PC\AppData\Local\fusioncache.dat
2012-05-05 19:46 - 2013-01-03 23:54 - 0007605 _____ () C:\Users\Steven.Steven-PC\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Steven.Steven-PC\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 18:58

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Steven at 2015-06-14 22:39:25
Running from C:\Users\Steven.Steven-PC\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4029747782-3714501738-2995947912-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4029747782-3714501738-2995947912-1002 - Limited - Enabled)
Guest (S-1-5-21-4029747782-3714501738-2995947912-501 - Limited - Disabled)
Steven (S-1-5-21-4029747782-3714501738-2995947912-1000 - Administrator - Enabled) => C:\Users\Steven.Steven-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3132-W-D (HKLM-x32\...\{E247B53F-F2DA-48ED-A2D0-44EA203E39EB}) (Version: 1.5.18 - Silicon Image)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.50517 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{14AF193A-EC13-3B3E-BFBF-D2C471F12718}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.20.0000 - Electronic Arts)
Dell System Detect (HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
DOOM 3 (HKLM-x32\...\Steam App 9050) (Version:  - id Software)
DOOM 3: Resurrection of Evil (HKLM-x32\...\Steam App 9070) (Version:  - Nerve Software)
Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version:  - Gearbox Software)
EasySetPackage (HKLM-x32\...\{266725C1-716F-43AC-BBFB-4201131ED656}) (Version: 2.4 - LG Soft India)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Bethesda Softworks)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.228 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version:  - id Software)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SiI31xx HBA Wakeup Utility   (HKLM-x32\...\{F28CFCC6-A2BE-4E54-957C-3D8A47936CAC}) (Version: 2.0.3 - Silicon Image)
Stardock MyColors (HKLM-x32\...\Stardock MyColors) (Version: 2.7.500 - Stardock Corporation)
Stardock MyColors (x32 Version: 2.7.500 - Stardock Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

22-05-2015 21:20:51 Windows Update
23-05-2015 19:01:02 Windows Backup
30-05-2015 21:16:49 Windows Backup
31-05-2015 09:36:18 Windows Update
03-06-2015 18:14:06 Windows Update
06-06-2015 19:01:10 Windows Backup
08-06-2015 21:55:32 Restore Operation
12-06-2015 20:47:15 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E1FEA4-9048-431C-A64D-E6DF6EEB9CE7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {18900368-B251-459D-B7AF-656A60AE4EA5} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-06] (Microsoft Corporation)
Task: {48111F2B-6976-4441-BD89-B27F6755BA8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {514D2D04-772B-465E-BE8C-63611DDDF838} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {5EDF3C32-597E-4CA3-A936-E5E11958B8D5} - System32\Tasks\{FFBEB45C-114F-4D27-B427-81AC445FC484} => pcalua.exe -a D:\EN_Fallout_3_DLC.EXE -d D:\
Task: {71F78DDE-119F-4658-8B2C-8707C7980149} - System32\Tasks\{932EEA26-2F9D-4579-9B91-FD3609719123} => pcalua.exe -a D:\Driver\Installation\Setup.exe -d D:\Driver\Installation
Task: {74E914FE-EAFB-4F31-BD3C-73FA5D07B70C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A8AE5FA9-DBEE-47E8-BB72-98FA041ED597} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-06-09 09:56 - 2009-06-09 09:56 - 00100656 _____ () C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
2012-05-20 14:03 - 2012-08-03 17:29 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-06 20:12 - 2009-12-04 17:15 - 00062976 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK64.dll
2012-05-06 20:12 - 2009-12-22 12:30 - 00159744 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
2012-05-06 20:12 - 2009-12-22 12:31 - 00024576 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
2008-11-18 11:00 - 2008-11-18 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-17 16:40 - 2010-05-17 16:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-05-06 20:12 - 2009-12-22 12:30 - 00057344 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK.dll
2012-05-06 20:12 - 2009-12-22 12:30 - 00012288 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EngRes.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven.Steven-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E953271D-8D6F-4BF7-984E-285EA1CB45A7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B6236530-7BAA-4EA3-A74F-E78B7061EC25}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{741A6D3C-C03C-4405-85AF-B4F0928D17F2}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{578F915D-EC3F-4F99-91B5-CAB82F0EE9C1}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{23719A51-9C2B-424D-B9CD-377E2C01297F}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{EF7E0421-6D83-48F1-B730-E3AC346370AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{FC52224B-08E5-4ACF-8E4D-D7F4A8135A95}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{9BF8A2F5-0220-47B6-BDB8-903F5ED83F05}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{AB5C8850-EB0B-4C8F-A26B-B91B7BA77B2F}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{923C6DD7-B9E7-4180-9F1F-44000C7A1E10}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{1B0A4701-4490-4AF0-932D-112876A79799}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{06531C0C-5D6A-46F6-99DA-62BD86FD4D90}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DBB855B7-04CA-45D6-868F-22DCFD2A9B7D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{30E426C9-7B8B-484B-ACC0-7719177AC88F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{01C46660-59DC-4A00-9184-CC5E0B9E0E23}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{917811D9-222E-47F2-951C-7907395BDABD}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{86D730E0-B2FE-4135-B387-4AB6AFB60968}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfSP.exe
FirewallRules: [{4DEAFFDF-5EFF-411D-BB1D-B67EF2566BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfSP.exe
FirewallRules: [{2F8A75D1-D7BB-4CFF-AA23-79B535B750BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfMP.exe
FirewallRules: [{466A530D-EFE3-4672-9E25-5453C58626DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfMP.exe
FirewallRules: [{53D448E3-D9F6-46CC-8BE8-DEA6A1189607}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\fallout new vegas\FalloutNVLauncher.exe
FirewallRules: [{F8812841-DAEB-4342-9B7A-2F9F3E37FB99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\fallout new vegas\FalloutNVLauncher.exe
FirewallRules: [{9A52E49B-6790-47E3-BDBF-C2793022966D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Doom 3\Doom3.exe
FirewallRules: [{15A0A58A-6939-4451-A761-175E32B6E0A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Doom 3\Doom3.exe
FirewallRules: [{49B64A3E-A1CB-4455-91D8-1A3EC2E970E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{B809093A-B8D6-4EA7-96EC-CBB86806AE3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{3A9F64F6-8F47-487C-B94E-65E44D348BAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{3143466C-F45B-404C-8726-18652D33344E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{881E796E-29DC-4F28-B1EA-F84A415A47BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{FA36A1FB-1F50-4723-B3F4-AC0674B27DE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{281899B1-4299-4387-965A-FD73A63111DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{A894109D-85A5-43E8-A344-42AE38F78AA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{63422516-A407-41CD-B9DB-662EC08AB613}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{462349E0-3046-45CF-8F12-7133870580D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{985720B7-9834-4EB7-8D7F-E1CEB17A9851}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{A7C90ADF-DBA2-485C-98A5-17AEB489F090}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{3A407384-39E8-49E2-81D7-CE612220119A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{2A39E758-927C-47AA-8720-712F15D281C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{4FBCDE8B-CEA5-480F-A1D9-95188B97AA22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{54C17359-FBA8-4AF2-9EF9-65F4D1355140}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{632391E2-39AF-46DF-8D11-D4C9EB086197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{07F6CEBD-2046-49F7-89B7-A9356041E808}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CEC59309-00F4-468D-95F4-60C9493EADF6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{773E06A8-F778-4BE4-8DD2-6A6057E073EE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4E5A47F9-2C8D-4C1F-A0D4-5AB885B3E6D6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C289C1E8-F033-45C0-9007-5186FBBA0AF7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{754D1955-662E-4A37-B23F-D990CD8F7F80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duke Nukem Forever\System\DukeForever.exe
FirewallRules: [{E2936E2B-A4BC-4128-A7BD-00FC3089CFB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duke Nukem Forever\System\DukeForever.exe
FirewallRules: [{49F86A93-02F2-495B-81D7-C416441A77DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2015 07:34:36 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/08/2015 10:52:15 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/08/2015 10:33:07 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/08/2015 10:25:52 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/08/2015 10:07:09 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: 0xc0000034.

Error: (06/08/2015 10:00:47 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/08/2015 08:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000008
Fault offset: 0x00000000000d0108
Faulting process id: 0x2f4
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/07/2015 02:45:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x000000000004c8f4
Faulting process id: 0x1464
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (06/05/2015 10:25:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7600.16667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b58

Start Time: 01d0a0083f141313

Termination Time: 13

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 92bb3665-0bfb-11e5-a97b-a4badbf9c57a

Error: (06/04/2015 06:47:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7600.16667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d6c

Start Time: 01d09f2080062db0

Termination Time: 9

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: f7d0d4ea-0b13-11e5-a97b-a4badbf9c57a

System errors:
=============
Error: (06/14/2015 10:37:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:18:10 PM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 08:12:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:07:28 PM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 08:01:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:56:20 PM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 08:30:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:25:01 AM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 08:20:30 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/14/2015 08:17:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%1747

Error: (06/14/2015 08:17:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Superfetch service terminated with service-specific error %%0.

Error: (06/14/2015 08:16:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:04:07 AM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 07:58:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/14/2015 07:57:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:52:17 AM on ‎6/‎14/‎2015 was unexpected.

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-03 22:16:52.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-03 22:16:52.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-03 22:16:52.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-13 10:18:38.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-13 10:18:38.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-13 10:18:38.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-09 13:37:50.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-09 13:37:50.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-09 13:37:50.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-11 22:31:42.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 16%
Total physical RAM: 12278.9 MB
Available physical RAM: 10313.81 MB
Total Pagefile: 24555.94 MB
Available Pagefile: 22206.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:790.46 GB) NTFS
Drive d: (Fallout 3) (CDROM) (Total:5.52 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:3.75 GB) (Free:3.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7BF855EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 Could not read MBR for disk 1.

========================================================
Disk: 6 (Size: 3.8 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End of log ============================

