My parents' computer has (or at least had) some malware on it. I'm visiting them for the holidays and decided to run both the virus scanner (McAfee) and Malwarebytes to see if their computer was fine. The virus scanner didn't find anything, but Malwarebytes found a few items it specifically listed as malware. I've saved the log from that scan for future reference as needed. Also, checking some recent downloads on their computer, they'd downloaded something called Firefoxpatch.exe - I'm guessing that this isn't something they should have downloaded.
I'm not sure what, if any, issues the computer actually has (I don't use it frequently enough to notice any long term performance issues), but I'd like to get it checked out while I'm still in town.
Here's the FRST log. It did create an error message when I ran it. I'm not sure if this is a problem or not.
"Exception EAccessViolation in module ERUNT.exe at 00003A38. Access violation at address 00403A38 in module 'ERUNT.exe'. Read of address 0076005D."
...
EDIT: Adding a bit more information that might be necessary...
-I'm able to work with this up until Thursday. At that point, I'll be heading home. Depending on what's left to do at that time, I may be able to hand the tasks off to my brother in law.
-Aside from the Firefoxpatch.exe thing, I cannot say what my parents have done with this computer. I've tried cleaning stuff up with malwarebytes on previous visits (usually I'm not in town long enough to try making a post here), but I expect that this only goes so far. I assume they've run across malware via clickbait type articles on facebook and news websites. They're not very tech-savy people - I expect they'll likely run into this stuff again (unless there's something I can do to try and safeguard the computer from this).
-Since the initial post, I've seen the page for the firefoxpatch.exe thing pop up once as well as a similar thing for an adobe upgrade. Basically, a web page is redirected to a screen claiming that the computer has a security vulnerability with the suggested program. The page then says to install the file that is being offered (which is malware). It is a pretty convincing page. It likely has something to do with randomly generated adds for some web pages or something.
-If the best or simplest approach is something on the order of getting the computer wiped (or simply a new computer), don't hesitate to say so. This computer is slated for a Windows 10 upgrade at some point or another, so that might be a good time to consider it.
...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Janis (administrator) on JANS (22-12-2015 22:46:56)
Running from C:\Users\Janis\Desktop
Loaded Profiles: Janis (Available Profiles: Janis)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.190.0\McCSPServiceHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2015-11-10] (McAfee, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-04-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-02-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2014-12-07] (Apple Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-07-27] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E1B1A205-AC8F-48DC-B4E4-A54C4787FA7B}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
URLSearchHook: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 -> DefaultScope {8DA70481-9BB5-444B-8167-8F0BF45420C1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151211&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 -> {8DA70481-9BB5-444B-8167-8F0BF45420C1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151211&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\6cgocorf.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-05-23] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-24] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\6cgocorf.default\searchplugins\McSiteAdvisor.xml [2015-12-22]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-22] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&ent=hp&u=AE44D1B629480618BC6ED75383D29F5D
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> securesearch
CHR Profile: C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
CHR Extension: (YouTube) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Google Search) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (SiteAdvisor) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Xfinity) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-05-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0209111450844510mcinstcleanup; C:\WINDOWS\TEMP\020911~1.EXE [883024 2015-10-28] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe [1694152 2015-10-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-11-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-22 22:46 - 2015-12-22 22:47 - 00029472 _____ C:\Users\Janis\Desktop\FRST.txt
2015-12-22 22:44 - 2015-12-22 22:46 - 00000000 ____D C:\FRST
2015-12-22 22:43 - 2015-12-22 22:43 - 02370560 _____ (Farbar) C:\Users\Janis\Desktop\FRST64.exe
2015-12-22 22:24 - 2015-12-22 22:24 - 00002045 _____ C:\Users\Janis\Desktop\mbm christmas scan.txt
2015-12-22 22:21 - 2015-12-22 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-20 15:03 - 2015-12-22 22:16 - 00003846 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2015-12-20 15:03 - 2015-12-22 21:36 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2015-12-08 16:17 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 16:15 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 16:15 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 16:15 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 16:15 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 16:15 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 16:15 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 16:15 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 16:15 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 16:15 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 16:15 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 16:15 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 16:15 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 16:15 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 16:15 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 16:15 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 16:15 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 16:15 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 16:15 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 16:15 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 16:15 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 16:15 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 16:15 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 16:15 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 16:15 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 16:15 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 16:15 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 16:15 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 16:15 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 16:15 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 16:15 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 16:15 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 16:15 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 16:15 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 16:15 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 16:15 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 16:15 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 16:15 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 16:15 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 16:15 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 16:14 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 16:14 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 16:14 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 16:14 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 16:14 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 16:14 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 16:14 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 16:14 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 16:14 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 16:14 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 16:14 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 16:14 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 16:14 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 16:14 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 16:14 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 16:14 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 16:14 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 16:14 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 16:14 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 16:14 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 16:14 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 16:14 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 16:14 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 16:14 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 16:14 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 16:14 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 16:14 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 16:14 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 16:14 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 16:14 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 16:14 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 16:14 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 16:14 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 16:14 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 16:14 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 16:14 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 16:14 - 2015-10-22 10:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 16:14 - 2015-10-22 10:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 16:14 - 2015-10-22 09:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 16:14 - 2015-10-22 09:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 16:14 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 16:14 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 16:14 - 2015-10-11 00:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 16:14 - 2015-10-11 00:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 16:14 - 2015-10-10 12:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 16:14 - 2015-10-10 12:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 16:14 - 2015-10-10 11:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 16:14 - 2015-10-08 10:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 16:14 - 2015-10-08 09:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 16:14 - 2015-10-05 12:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 16:14 - 2015-10-05 12:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-08 16:14 - 2015-10-03 13:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 16:14 - 2015-10-03 13:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-22 16:48 - 2015-11-22 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-22 16:47 - 2015-11-22 16:47 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-11-22 16:47 - 2013-07-09 12:58 - 00263896 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2015-11-22 16:47 - 2013-04-25 17:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsUStoricon.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-22 22:46 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-22 22:24 - 2014-06-17 08:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449.job
2015-12-22 22:24 - 2013-05-06 12:21 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1572351143-274932609-3859850883-1001
2015-12-22 22:23 - 2015-11-20 17:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 22:22 - 2013-03-28 22:23 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-12-22 22:21 - 2013-03-28 22:20 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-22 22:15 - 2015-06-17 15:04 - 00003278 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001
2015-12-22 22:15 - 2014-10-22 13:10 - 00000000 ____D C:\Users\Janis\OneDrive
2015-12-22 22:15 - 2014-02-24 16:36 - 00003332 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001
2015-12-22 22:14 - 2014-06-17 08:31 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e.job
2015-12-22 22:14 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-22 22:14 - 2013-05-16 09:38 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-12-22 22:13 - 2013-08-22 09:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-22 22:13 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-22 22:12 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-22 21:19 - 2013-11-21 08:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A19C01D2-DDA3-4D45-9C25-740E5A78DD84}
2015-12-20 15:04 - 2015-06-28 08:03 - 00003064 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-12-20 15:04 - 2015-06-28 08:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-12-20 15:02 - 2013-03-28 22:20 - 00000000 ____D C:\ProgramData\McAfee
2015-12-18 09:36 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-18 09:35 - 2015-04-14 19:25 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-18 09:35 - 2015-04-14 19:25 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-18 09:28 - 2013-03-28 22:20 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-12-18 09:28 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-18 05:23 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 05:22 - 2013-08-07 14:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-17 10:39 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 10:39 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-17 10:06 - 2013-09-18 15:44 - 00000000 ____D C:\Users\Janis\Documents\Cypress Pointe East Hospital
2015-12-16 14:29 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-16 13:24 - 2014-05-15 16:42 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 22:04 - 2013-05-06 12:12 - 00000000 ____D C:\Users\Janis\AppData\Local\Packages
2015-12-14 10:15 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 14:41 - 2014-09-24 01:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 14:36 - 2013-08-22 08:44 - 00381968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 14:35 - 2014-06-17 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-11 14:35 - 2013-11-04 15:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 14:35 - 2013-11-04 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 16:59 - 2013-11-04 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 16:57 - 2013-08-12 10:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 16:53 - 2013-05-07 07:04 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 16:31 - 2015-07-21 11:44 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2015-12-08 16:19 - 2014-06-17 08:31 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449
2015-12-08 16:19 - 2014-06-17 08:31 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e
2015-12-01 11:19 - 2015-05-15 15:10 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:19 - 2015-05-15 15:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-28 10:06 - 2014-11-23 17:49 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-28 10:06 - 2014-11-23 17:47 - 00000000 ____D C:\Users\Janis\AppData\Local\Battle.net
2015-11-28 10:06 - 2014-11-23 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-22 16:47 - 2013-03-28 22:13 - 00000000 ____D C:\ProgramData\Dell
2015-11-22 16:47 - 2013-03-28 22:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-22 16:47 - 2012-05-08 05:37 - 00000000 ____D C:\DELL
==================== Files in the root of some directories =======
2013-03-28 22:20 - 2013-03-28 22:20 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-28 22:17 - 2013-03-28 22:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-28 22:18 - 2013-03-28 22:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-28 22:17 - 2013-03-28 22:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-28 22:19 - 2013-03-28 22:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Files to move or delete:
====================
C:\Users\Janis\BPMcount.exe
Some files in TEMP:
====================
C:\Users\Janis\AppData\Local\Temp\lowproc.exe
C:\Users\Janis\AppData\Local\Temp\rnsetup0.exe
C:\Users\Janis\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-20 03:46
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Janis (2015-12-22 22:47:25)
Running from C:\Users\Janis\Desktop
Windows 8.1 (X64) (2014-10-22 19:08:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1572351143-274932609-3859850883-500 - Administrator - Disabled)
Guest (S-1-5-21-1572351143-274932609-3859850883-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1572351143-274932609-3859850883-1003 - Limited - Enabled)
Janis (S-1-5-21-1572351143-274932609-3859850883-1001 - Administrator - Enabled) => C:\Users\Janis
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.6120 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimCleaner Plus (HKLM\...\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}) (Version: 1.0.26102 - SlimWare Utilities, Inc.)
Software Updater (HKLM-x32\...\{229E7A38-807F-4C7B-8757-B447549D30A7}) (Version: 4.1.6 - SEIKO EPSON CORPORATION) <==== ATTENTION
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{124310E8-7C49-4C33-B4F2-3CF43F3830B7}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1572351143-274932609-3859850883-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
06-12-2015 04:41:17 Scheduled Checkpoint
14-12-2015 10:14:04 Scheduled Checkpoint
18-12-2015 09:34:35 Windows Update
22-12-2015 21:31:35 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D37BF4-7FEB-4BB2-915F-D08A4081B0A6} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {2024250E-B53F-42C8-92EB-9285D848CEE2} - System32\Tasks\4682 => C:\WINDOWS\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION
Task: {2B52F345-BF24-435F-8F78-A1005ECAD18E} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2CCFD06E-BEB0-4CF1-B0F5-BF7472FC819B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2DBD520F-4943-4D33-9743-97ACB8182D89} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {30D1C0E5-3470-4847-A55E-DE406176DDAC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3810800D-C657-4E31-939D-DCEED3560777} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {38181E86-0DA8-4A8A-8319-5D18896BD9C7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {3BBBDA43-3567-402D-8062-1039E66C8185} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-11-15] (McAfee, Inc.)
Task: {402B4FA6-C98B-4BB3-BDD4-16567934D391} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {451D02D6-F327-419B-B68C-C7ED97707842} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-11-15] (McAfee, Inc.)
Task: {5A8A8EE1-D4F2-4090-B83D-DA3697D4D083} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6AD5ECAC-8A92-4C6F-8353-8F3FADA71D51} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {82D547EF-9A9D-4863-949F-5415C33C0FF1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {8858367A-B898-4396-822C-1974741A1AB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {919B4935-F36C-4585-B494-7F07AEAF70B0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {92468B63-A5B5-4FCD-88C1-BA0F6A8EAE41} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {9BABB565-271C-41CA-A14A-A283542693FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9C99817A-29F7-495E-BA94-4C356FFAA6FF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {A617FD13-A34C-4AC5-98E4-4D8B3E1AD1C8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AF036BF3-0E69-49A1-A633-0F30C14BB86F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B1F74EB4-C943-4DF7-8589-AEDF6F9F6355} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C1870DB1-FF74-4BD1-87CD-899967551184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C39E28A1-6E39-49C7-B542-F976D36E87FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {CDB9F925-01AE-49D7-A442-88C196AF2D13} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {D991C192-6A36-4ADF-B14A-8B103277C764} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E1F73018-DF9A-43AB-AA35-E849A6D2B6A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E6499AF8-1A5A-433F-A569-3E33EECDF878} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {EC35DDE8-FC04-40BA-B6A4-8E006AB10D3C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Janis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {EE0F21DE-6FE9-4BB2-BE10-EE144E9123B9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {F320837C-A405-4844-A37E-A306CB657C90} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Janis).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-03-19 06:53 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-03-28 22:19 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-30 03:23 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2014-09-18 12:37 - 2014-07-02 20:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-12-11 15:29 - 2015-12-11 15:29 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll
2013-03-28 22:11 - 2012-07-18 13:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-18 12:37 - 2014-07-30 16:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-03-28 22:23 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 12:37 - 2012-11-25 22:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FDD65945-7834-4266-8598-5F2BE9761387}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{6C917383-382A-4094-A092-09E056F249D9}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{643F41FE-CBFD-47CC-A79D-49B1BAC8B60A}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [UDP Query User{D5900831-C560-492A-BB70-A091C04C6D10}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{5C06A137-7364-4B3C-B3E0-C581268EB6FE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{98A2FFCD-8EFE-4805-8592-54E14BA4415A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3B69F53D-98A1-4171-9EC8-DA37B5D18F74}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8FA34052-0EF7-4BC6-A8D1-05477EB02349}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{35814B38-E0E3-44C3-BD63-CC563A25D995}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{9DA2A88E-57EB-4351-AE57-4136B71C1B20}] => (Allow) C:\Users\Janis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{82E74593-4D12-44BE-B51D-95669802AC2D}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{08C1A80F-39C7-4B4D-8396-3DDB4FB501AC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8C979EDA-1480-41A8-91D5-64637B276E7E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{82A8F670-91B4-4B66-AF1C-9BA6C79C6412}] => (Allow) LPort=1900
FirewallRules: [{932128B4-1D5A-45F5-9EC0-C71357E86292}] => (Allow) LPort=2869
FirewallRules: [{5E1EB804-A01F-4340-A911-F7EAB3765776}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AA968DAB-D59A-4416-B05A-B6DC3CC4EFAA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8762A3CF-F41E-4CEB-A48C-F068602EDF86}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D8F537F-BD5B-4B02-8411-36E22430BF11}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{766CA18D-1C55-4D71-A10A-3969D6A2794F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{99629CEA-F54A-46AF-87B4-D9032C366B4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1312F9F6-BF92-4533-B281-120270439438}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{383610AA-A6FE-4CEA-AA32-C158A89EC60E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5CA7099D-D83D-4FAD-99B8-8D99923BA768}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4D10604A-DC83-40A2-8A82-DFC0CFE7D76F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A7CBFF40-9548-4780-AC7D-B742A2B9EAFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{58176319-070B-418A-B5B6-3B5AD09B0563}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B802A663-3A53-4627-89A9-D6644C1DC95B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DEE7EEF2-E79A-474A-9EB8-060A05AF6766}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C6A30A7-DDEE-4026-82BF-3990D127DA86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D025457-231B-4C2A-92B3-83FFFD8F248D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/22/2015 10:45:03 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (12/22/2015 10:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.1.201.3, time stamp: 0x4fbcdeaa
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650afd4
Exception code: 0xc0000005
Fault offset: 0x00018ab9
Faulting process id: 0x16b8
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report Id: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
Error: (12/22/2015 10:14:21 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (12/22/2015 10:14:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (12/22/2015 09:21:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 18dc
Start Time: 01d13d304f58fc91
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: 42914237-a924-11e5-bebe-a41f726d87b3
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
Faulting package-relative application ID: App
Error: (12/22/2015 08:55:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a64
Start Time: 01d13cc810fb93cf
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: 016cdb5a-a8bc-11e5-bebe-a41f726d87b3
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
Faulting package-relative application ID: App
Error: (12/20/2015 07:34:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 72c
Start Time: 01d13b8efe1324f6
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: f0c4e623-a782-11e5-bebe-a41f726d87b3
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
Faulting package-relative application ID: App
Error: (12/20/2015 02:32:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f38
Start Time: 01d13b64db75d17d
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: cefe879b-a758-11e5-bebe-a41f726d87b3
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
Faulting package-relative application ID: App
Error: (12/18/2015 09:25:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: cb8
Start Time: 01d139a790fb25bf
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: 847bb12a-a59b-11e5-bebe-a41f726d87b3
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
Faulting package-relative application ID: App
Error: (12/17/2015 10:07:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13d0
Start Time: 01d138e45680741e
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: 4907bafb-a4d8-11e5-bebe-a41f726d87b3
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
Faulting package-relative application ID: App
System errors:
=============
Error: (12/22/2015 10:16:00 PM) (Source: DCOM) (EventID: 10010) (User: JANS)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
Error: (12/22/2015 10:14:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SlimWare Utility Service Launcher service failed to start due to the following error:
%%2
Error: (12/22/2015 09:42:10 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/22/2015 05:38:32 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/21/2015 04:47:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/20/2015 08:28:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/20/2015 07:41:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (12/20/2015 07:41:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (12/20/2015 07:41:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (12/20/2015 07:41:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
==================== Memory info ===========================
Processor: Intel® Core i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 8063.54 MB
Available physical RAM: 5392.86 MB
Total Virtual: 9343.54 MB
Available Virtual: 6483.12 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.11 GB) (Free:833.47 GB) NTFS
Drive x: () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:13.82 GB) (Free:0.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F863C3B0)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by jtg22, 27 December 2015 - 12:41 AM.