Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware

Started by mkdsk , Feb 06 2016 11:35 PM

Help

Please log in to reply

#1
mkdsk

Posted 06 February 2016 - 11:35 PM

Member

Member
13 posts

My computer I THINK has malware on it and I need help removing it. Also, when I play any videos like on you tube the video lags. Thanks for any help.

#2
mkdsk

Posted 06 February 2016 - 11:46 PM

Member

Topic Starter
Member
13 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by MARK (administrator) on MARK-PC (06-02-2016 20:46:51)

Running from C:\Users\MARK\Desktop\MALWARE

Loaded Profiles: MARK (Available Profiles: MARK)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

( ) C:\Windows\System32\dlbacoms.exe

( ) C:\Windows\System32\dleacoms.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-10-10] (RealNetworks, Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)

HKLM-x32\...\Run: [ICF] => "C:\Program Files (x86)\Internet Content Filter\mfp.exe"

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk [2015-04-04]

ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2130412082-872510349-2259372935-1000] => 23.105.173.166:80

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{BFB6B096-4145-4ED2-A8E0-19EDCA9E0ED4}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:

==================

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2130412082-872510349-2259372935-1000 -> {A66DD251-0B43-4530-BFF2-63A93535BD5B} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151019&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2130412082-872510349-2259372935-1000 -> {C56AFD0B-5A78-4E7F-9993-19B1BC996C4C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)

BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:

========

FF ProfilePath: C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\5ms4ut2y.default-1430269792725

FF DefaultSearchEngine.US: Secure Search

FF SearchEngineOrder.1: Secure Search

FF SelectedSearchEngine: Secure Search

FF Homepage: hxxps://mail.aol.com/webmail-std/en-us/suite

hxxps://search.yahoo.com/yhs/search;_ylt=A0LEVrY9XAxWbGcAfqQnnIlQ;_ylc=X1MDMTM1MTE5NTY4NwRfcgMyBGZyA3locy1tb3ppbGxhLTAwMgRncHJpZANDN2xfejhMSlEuaURCTGNyTm5NS0xBBG5fcnNsdAMwBG5fc3VnZwMxBG9yaWdpbgNzZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQwBHF1ZXJ5A0RSSVZFTElORSBFTVBMT1lNRU5UIE9QUE9SVFVOSVRZIHJldmlld3MEdF9zdG1wAzE0NDM2NTA2OTQ-?p=DRIVELINE+EMPLOYMENT+OPPORTUNITY+reviews&fr2=sb-top-search&hspart=mozilla&hsimp=yhs-002

hxxps://twitter.com/

hxxp://www.movie4k.to/San-Andreas-watch-movie-6299174.html

hxxps://get.adobe.com/flashplayer/download/?installer=FP_19_for_Firefox_-_NPAPI&os=Windows%207&browser_type=Gecko&browser_dist=Firefox&d=McAfee_Security_Scan_Plus_FireFox_Browser&dualoffer=false

FF Session Restore: -> is enabled.

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()

FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)

FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)

FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()

FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2012-05-22] (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.4.19 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-10-10] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-05] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-05] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-10-10] (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2130412082-872510349-2259372935-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-10-10] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-05] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-05] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-05] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-05] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-05] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-10-10] (RealPlayer)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)

FF SearchPlugin: C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\5ms4ut2y.default-1430269792725\searchplugins\McSiteAdvisor.xml [2016-02-06]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-04-24]

FF Extension: QuickJava - C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\5ms4ut2y.default-1430269792725\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-05-31]

FF Extension: Exif Viewer - C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\5ms4ut2y.default-1430269792725\extensions\[email protected] [2016-01-03]

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-10] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected] => not found

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-04] [not signed]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.facebook.com/

CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://search.conduit.com/?ctid=CT3292715&SearchSource=48&CUI=UN78212901972922245&UM=2","hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_36.0.1985.125&apn_uid=18BF653D-4559-43C4-8703-3225ED0BEC5E&itbv=12.15.1.20&doi=2014-07-19&psv=&pt=tb","hxxp://websearch.thesearchpage.info/?pid=2457&r=2015/01/16&hid=16875487775573251436&lg=EN&cc=US&unqvl=74"

CHR Session Restore: Default -> is enabled.

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()

CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]

CHR Extension: (YouTube) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Google Search) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]

CHR Extension: (Who Dumped Me?) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgeaeoklapomofpcppeiahpnjadbkim [2015-09-12]

CHR Extension: (TLRemove) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-09-26]

CHR Extension: (Chrome Web Store Payments) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]

CHR Extension: (Gmail) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-22]

CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (No Name) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-06-23]

CHR Extension: (No Name) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]

CHR Extension: (No Name) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-23]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-27]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)

R2 dlba_device; C:\Windows\system32\dlbacoms.exe [567280 2007-03-05] ( )

R2 dlba_device; C:\Windows\SysWOW64\dlbacoms.exe [538096 2007-03-05] ( )

R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-01-07] ( )

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2015-12-29] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)

R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)

R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)

R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)

R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()

S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1074720 2012-08-30] (Safer-Networking Ltd.)

S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1358360 2012-08-30] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)

S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]

S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-06] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-12-01] (McAfee, Inc.)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2015-03-25] (EldoS Corporation)

R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]

S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]

R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)

S1 upzocdbr; \??\C:\Windows\system32\drivers\upzocdbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 20:37 - 2016-02-06 20:46 - 00000000 ___DC C:\Users\MARK\Desktop\MALWARE

2016-02-06 18:08 - 2016-02-06 18:09 - 00057785 ____C C:\Users\MARK\Downloads\Addition.txt

2016-02-06 18:06 - 2016-02-06 20:46 - 00000000 ___DC C:\FRST

2016-02-06 17:15 - 2016-02-06 19:22 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-02-06 17:15 - 2016-02-06 17:15 - 00001104 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-02-06 17:15 - 2016-02-06 17:15 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-02-06 17:15 - 2016-02-06 17:15 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-02-06 17:15 - 2015-10-05 09:50 - 00109272 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-02-06 17:15 - 2015-10-05 09:50 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-02-06 17:15 - 2015-10-05 09:50 - 00025816 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-02-06 12:23 - 2016-02-06 12:23 - 00003358 ____C C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2130412082-872510349-2259372935-1000

2016-02-06 12:23 - 2016-02-06 12:23 - 00003222 ____C C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2130412082-872510349-2259372935-1000

2016-02-05 15:12 - 2016-02-06 14:39 - 00004020 ____C C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

2016-02-04 02:19 - 2015-12-01 07:34 - 00076064 ____C (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys

2016-02-04 02:17 - 2016-02-04 02:17 - 00000000 ___DC C:\ProgramData\Intel Security

2016-02-04 02:16 - 2016-02-04 02:16 - 00000000 ___DC C:\Program Files\Common Files\Intel Security

2016-02-03 13:08 - 2016-02-03 13:08 - 00001892 ____C C:\Users\Public\Desktop\Garmin Express.lnk

2016-02-03 13:00 - 2016-02-06 18:19 - 00003846 ____C C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2016-01-22 18:25 - 2016-01-22 18:25 - 00000000 ___DC C:\Users\MARK\Desktop\Screen shots1

2016-01-17 01:20 - 2016-01-17 01:20 - 00000000 ___DC C:\Users\MARK\AppData\Roaming\iDealshare VideoGo 6

2016-01-11 19:15 - 2016-01-12 15:45 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox

2016-01-08 21:46 - 2016-01-08 22:15 - 00000000 ___DC C:\Users\MARK\AppData\Local\CrashDumps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 20:44 - 2015-12-11 21:47 - 00000000 ___DC C:\Users\MARK\Desktop\TRUST GOD

2016-02-06 20:25 - 2015-04-23 18:44 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-02-06 19:53 - 2015-06-22 19:15 - 00000898 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-02-06 13:51 - 2009-07-13 23:45 - 00028352 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-02-06 13:51 - 2009-07-13 23:45 - 00028352 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-02-06 12:53 - 2015-06-22 19:15 - 00000894 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-02-06 12:24 - 2010-12-12 22:08 - 00000000 __RSD C:\Users\MARK\Documents\McAfee Vaults

2016-02-06 12:23 - 2011-12-23 02:00 - 00000000 ___DC C:\Users\Default\AppData\Local\SoftThinks

2016-02-06 12:23 - 2011-12-23 02:00 - 00000000 ___DC C:\Users\Default User\AppData\Local\SoftThinks

2016-02-06 12:23 - 2011-12-23 01:39 - 00000000 ___DC C:\Program Files (x86)\Dell DataSafe Local Backup

2016-02-06 12:22 - 2009-07-14 00:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT

2016-02-04 18:57 - 2015-06-22 19:15 - 00002214 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-02-04 18:57 - 2015-06-22 19:15 - 00002185 ____C C:\Users\Public\Desktop\Google Chrome.lnk

2016-02-04 12:15 - 2011-12-23 01:55 - 00000000 ___DC C:\Program Files (x86)\McAfee

2016-02-04 02:20 - 2015-10-19 20:59 - 00000000 ___DC C:\Program Files\Common Files\McAfee

2016-02-04 02:18 - 2015-10-19 21:04 - 00003064 ____C C:\Windows\System32\Tasks\McAfeeLogon

2016-02-03 13:11 - 2012-11-21 12:09 - 00000000 ___DC C:\ProgramData\Package Cache

2016-02-03 13:09 - 2014-07-25 14:36 - 00000000 ___DC C:\Program Files (x86)\Garmin

2016-02-03 13:08 - 2014-08-14 13:45 - 00003554 ____C C:\Windows\System32\Tasks\GarminUpdaterTask

2016-02-03 13:08 - 2014-07-25 13:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2016-02-03 12:48 - 2015-06-22 19:15 - 00003894 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-02-03 12:48 - 2015-06-22 19:15 - 00003642 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-02-03 12:42 - 2011-12-31 14:44 - 00000000 ___DC C:\Users\MARK

2016-02-03 12:41 - 2015-11-03 17:15 - 00000000 ___DC C:\Users\MARK\AppData\Local\Garmin_Ltd._or_its_subsid

2016-02-03 12:41 - 2015-10-19 21:04 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2016-02-03 12:41 - 2015-05-12 13:16 - 00000000 __SDC C:\Windows\system32\GWX

2016-02-03 12:41 - 2011-12-31 18:48 - 00000000 ___DC C:\ProgramData\Real

2016-02-03 12:41 - 2009-07-13 22:20 - 00000000 ___DC C:\Windows\registration

2016-02-03 12:41 - 2009-07-13 22:20 - 00000000 ___DC C:\Windows\inf

2016-01-31 16:48 - 2015-08-05 12:09 - 00000000 ___DC C:\Users\MARK\Desktop\Fairy

2016-01-29 21:08 - 2011-10-30 19:23 - 00000000 ___DC C:\Users\MARK\Desktop\DAD CAT

2016-01-27 02:07 - 2015-11-08 21:27 - 00000000 ___DC C:\Users\MARK\Desktop\K of C

2016-01-26 01:57 - 2015-06-15 17:09 - 00000000 ___DC C:\Users\MARK\Desktop\CB

2016-01-25 15:04 - 2015-10-22 11:37 - 00000000 ___DC C:\Users\MARK\Desktop\NEW HAMP

2016-01-24 15:08 - 2012-01-23 19:34 - 00000000 ___DC C:\Users\MARK\AppData\Roaming\Audacity

2016-01-21 12:31 - 2015-10-19 20:59 - 00000000 ___DC C:\ProgramData\McAfee

2016-01-21 01:25 - 2015-04-23 18:44 - 00796864 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-21 01:25 - 2015-04-23 18:44 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-01-21 01:25 - 2015-04-23 18:44 - 00003768 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-21 01:00 - 2015-10-19 21:03 - 00003348 ____C C:\Windows\System32\Tasks\McAfee Remediation (Prepare)

2016-01-20 23:46 - 2015-04-10 11:46 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service

2016-01-20 23:46 - 2011-12-23 01:24 - 00000000 ___DC C:\Windows\system32\Macromed

2016-01-18 02:38 - 2015-11-26 18:47 - 00000000 ___DC C:\Users\MARK\Desktop\Emily Ann Roberts

2016-01-12 12:49 - 2014-07-01 10:50 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2016-01-12 12:48 - 2015-01-17 18:22 - 00003886 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-03-17 15:32 - 2015-04-29 16:26 - 0000020 ____C () C:\Users\MARK\AppData\Roaming\appdataFr3.bin

2013-04-29 17:57 - 2013-04-29 17:59 - 0308064 ____C () C:\Users\MARK\AppData\Roaming\CodecsLE_Install.log

2013-11-21 12:22 - 2015-03-11 16:46 - 0007859 ____C () C:\Users\MARK\AppData\Roaming\pcouffin.cat

2013-11-21 12:22 - 2015-03-11 16:46 - 0001167 ____C () C:\Users\MARK\AppData\Roaming\pcouffin.inf

2013-11-21 12:22 - 2015-03-11 16:46 - 0000055 ____C () C:\Users\MARK\AppData\Roaming\pcouffin.log

2013-11-21 12:22 - 2015-03-11 16:46 - 0082816 ____C (VSO Software) C:\Users\MARK\AppData\Roaming\pcouffin.sys

2015-03-21 19:25 - 2015-03-22 12:03 - 0001181 ____C () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.1.txt

2015-03-21 19:25 - 2015-03-21 19:25 - 0001181 ____C () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.2.txt

2015-03-21 19:25 - 2015-03-22 12:09 - 0000919 ____C () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.txt

2015-03-21 19:25 - 2015-03-22 12:09 - 0000000 ____C () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt

2015-07-16 22:21 - 2015-07-16 22:21 - 0007168 ____C () C:\Users\MARK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-05-16 14:25 - 2015-11-04 13:03 - 0135168 ____C () C:\Users\MARK\AppData\Local\rx_audio.Cache

2013-02-22 19:31 - 2015-10-28 13:12 - 1282348 ____C () C:\Users\MARK\AppData\Local\rx_image32.Cache

2015-03-15 10:04 - 2015-03-15 10:04 - 0000402 ____C () C:\Users\MARK\AppData\Local\Temp-log.txt

2013-05-11 13:35 - 2015-11-07 22:23 - 0000900 __SHC () C:\ProgramData\KGyGaAvL.sys

2012-07-30 21:10 - 2012-07-30 21:10 - 0002462 ____C () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

2015-05-10 17:13 - 2015-05-10 17:13 - 0005089 ____C () C:\ProgramData\vczcspay.tpu

2015-03-28 12:16 - 2015-03-28 12:16 - 0005013 ____C () C:\ProgramData\wmzddnmb.cix

2013-05-05 12:22 - 2013-05-05 12:22 - 0005067 ____C () C:\ProgramData\xgneqrwu.hrx

Some files in TEMP:

====================

C:\Users\MARK\AppData\Local\Temp\ICReinstall_761e81f4-fce6-46e1-92e4-30fb248ae189.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-29 14:25

==================== End of FRST.txt ============================

#3
mkdsk

Posted 06 February 2016 - 11:46 PM

Member

Topic Starter
Member
13 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by MARK (2016-02-06 20:47:53)

Running from C:\Users\MARK\Desktop\MALWARE

Windows 7 Home Premium Service Pack 1 (X64) (2011-12-31 19:44:05)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2130412082-872510349-2259372935-500 - Administrator - Disabled)

Guest (S-1-5-21-2130412082-872510349-2259372935-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2130412082-872510349-2259372935-1002 - Limited - Enabled)

MARK (S-1-5-21-2130412082-872510349-2259372935-1000 - Administrator - Enabled) => C:\Users\MARK

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Spybot - Search and Destroy (Disabled - Out of date) {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Any Video Converter Ultimate 5.5.8 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)

Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.)

AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brorsoft Video Converter Ver 1.4.0.5345 (HKLM-x32\...\{3231B80A-455C-497a-8425-3E44C006D76C}_is1) (Version: - )

Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version: - Dell, Inc.)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)

Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)

Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.55 - PC-Doctor, Inc.)

Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)

Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

Disketch Disc Label Software (HKLM-x32\...\Disketch) (Version: 3.32 - NCH Software)

DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)

eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)

Electa Live Screen Recorder (HKLM-x32\...\{ACBEFFFE-9499-407A-8D44-C1DDB3DB94F0}) (Version: 1.2 - ELECTA COMMUNICATIONS LTD)

eLecta Live Virtual Room 8.0 (HKLM-x32\...\{2557C300-2B7E-4B18-9596-5FEE3B44A01C}_is1) (Version: 8.0 - ELECTA COMMUNICATIONS LTD)

Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)

Foxit PhantomPDF Standard (HKLM-x32\...\{C12946DC-8741-45DD-A848-9E6A3D663BE1}) (Version: 7.1.5.425 - Foxit Software Inc.)

Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)

Garmin City Navigator North America NT 2015.10 (HKLM-x32\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Golden Videos VHS to DVD Converter (HKLM-x32\...\GoldenVideos) (Version: 3.04 - NCH Software)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

Graboid Video 3.89 (HKLM-x32\...\Graboid Video) (Version: 3.89 - Graboid Inc.)

Graboid Video 3.89 Setup (HKLM-x32\...\{6b5f9db0-02dc-4c5b-b16b-6a7f1f81557e}) (Version: 3.8.9 - FUSENET)

HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)

LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden

LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mask My IP (HKLM-x32\...\MaskMyIP) (Version: 2.5.6.8 - )

McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)

McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.141 - McAfee, Inc.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Excel 97 (HKLM-x32\...\Excel) (Version: - )

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Outlook 97 (HKLM-x32\...\Outlook) (Version: - )

Microsoft SkyDrive (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Movavi Screen Capture Studio 6 (HKLM-x32\...\Movavi Screen Capture Studio 6) (Version: 6.2.1 - Movavi)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)

MPlayer (remove only) (HKLM-x32\...\MPlayer) (Version: - )

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)

Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

RealDownloader (x32 Version: 1.3.4 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)

RealProducer Plus 8.5 (HKLM-x32\...\RealProducer 8.5) (Version: - )

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Roxio Creator NXT Pro (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)

SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden

SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.10 - Safer-Networking Ltd.)

SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)

SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden

THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)

Transfer Utility (HKLM-x32\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 1.00.012 - PIXELA)

Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden

USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)

USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version: - )

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)

Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)

VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.74 - NCH Software)

VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Wondershare Streaming Audio Recorder(Build 2.0.2.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.2.3 - Wondershare Software Co.,Ltd.)

WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)

WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{A66FC8BB-7AFD-4FCF-BBA1-341AE079C7DF}\InprocServer32 -> C:\Program Files\Roxio Creator NXT\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE0F002-CD1A-41E1-BE58-9317FBBB6EC3} - System32\Tasks\{C463BCFA-7638-46AF-8EB8-408311981CFE} => pcalua.exe -a C:\Windows\StkUnist.exe

Task: {10F1EF9A-AFB8-426E-AE84-1B9691F9FA27} - System32\Tasks\McAfee\McAfee Idle Detection Task

Task: {144E0E91-D00E-4D82-9885-778C3A749490} - System32\Tasks\{487AB330-EBD7-4A76-B891-A91754FD4314} => Chrome.exe

Task: {14969F7B-C1F9-4FD9-A2EE-6EFBB24DCC60} - System32\Tasks\{A856C4BF-2EB7-46E3-9087-76EF407BC8EF} => pcalua.exe -a D:\Setup.EXE -d D:\

Task: {19605A68-8D93-416E-B6A1-F04C2F6ECAA4} - System32\Tasks\{45416873-6870-44CC-8E45-58127503EEAF} => Chrome.exe

Task: {1A942A5C-FE8D-4049-A9D6-8893D90BA979} - System32\Tasks\{2D3028CF-CE03-4AE4-B144-B8BEB566D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

Task: {281A7460-642E-40A2-B0E5-A2D2BA0CC5C4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)

Task: {2DE00C78-BF46-49E7-8C1E-8D19E977FDA5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {3268B6BC-5528-4FB5-A5CC-F1A9064FDBA4} - System32\Tasks\{D5E8CB6B-319E-4F0E-917E-CBAC38E34677} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [2015-03-18] (AOL Inc.)

Task: {383FBE19-54DE-4CD7-82D9-40F5DC1A53E6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-08-12] (RealNetworks, Inc.)

Task: {38B8C499-E203-4AAA-9330-DABB68DF9F43} - System32\Tasks\{8CD991B8-C611-457C-9A4B-8E148BBC1495} => Chrome.exe

Task: {38D302D2-0E6B-45A9-8EB5-5A6693DA67ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-08-30] (Safer-Networking Ltd.)

Task: {38E81C6D-A7CB-40F0-BE15-DC425591CFEC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()

Task: {3A4C9BB5-147B-47CB-8157-34D11DDF3D1A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {3A5D1F68-A08D-4167-93B9-BEEC90774902} - System32\Tasks\{4F83FC33-6FC3-4DBC-85FC-DA4905D386A2} => pcalua.exe -a "C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe" -d "C:\Program Files (x86)\VSO\pcsetup" -c /remove /removeatip "Uninstalling... Please reboot aftwerwards!"

Task: {3DE84952-ECFD-482D-B8F2-1268D979F166} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {3F36AC65-599F-4068-AE1A-E9D3A1D44FE7} - System32\Tasks\{5F68D73C-8234-4EAA-BA0E-473F75021E19} => pcalua.exe -a C:\Users\MARK\Desktop\MMM\startuplite-setup-1.07.exe -d C:\Users\MARK\Desktop\MMM

Task: {4329D0C6-8822-4D80-960E-25EA64DEB2AB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {461E575F-197D-4A6A-9F4C-4DC54EA5650C} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)

Task: {4CCEF7E3-0CC7-488D-9226-593999AC0E27} - System32\Tasks\{13F92E3C-232E-4FA8-8FF7-EEAAF6931DD8} => C:\Users\MARK\Downloads\musicmatch10.00.4033.exe

Task: {4FE69CB6-D4A6-4E24-A902-36A820070934} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-19] (PC-Doctor, Inc.)

Task: {516A4DCD-25D6-488B-BA51-8539C4969377} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {525ADD04-55BA-4913-B544-CBC829CDA221} - System32\Tasks\{9FB150E9-5941-4658-BCD0-641ED11803BF} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe [2007-03-05] ()

Task: {52AE9C83-353E-48EF-991B-E119CF4F8DE4} - System32\Tasks\{7F471F8C-38C6-4F94-BC8A-0CBAD06FE02A} => C:\Users\MARK\Downloads\musicmatch82.exe

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {6074794B-09C5-4E18-8515-4DBADDC76F61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-22] (Google Inc.)

Task: {67EDB240-E03D-437C-818F-D15D6C99C491} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)

Task: {71802475-5529-4822-B06B-1A00DB7A21E5} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION

Task: {7C4ED347-BB52-4987-95A2-B8F8F280210C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-08-30] (Safer-Networking Ltd.)

Task: {8780C8BE-F54B-47DA-85F9-AFDADD2E4C2C} - System32\Tasks\{7F70CAB2-072C-4D42-AEF6-16B1B69095C7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

Task: {8F98D4DD-65A0-46CA-B885-29F47ABAEB0B} - System32\Tasks\{F40CE779-309B-4896-974C-AE6E2C94644D} => C:\Program Files\iTunes\iTunes.exe [2015-10-16] (Apple Inc.)

Task: {90C45678-9B30-4EFF-91CC-917E12E06B45} - System32\Tasks\{7849AF3E-8179-490E-B09B-D31FDF213381} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [2015-03-18] (AOL Inc.)

Task: {93558FCF-7627-4E1D-9CBC-110CA5A6A88E} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)

Task: {97B89E7B-895D-4E58-BD0A-15C923FF6F5D} - System32\Tasks\{9386CA07-7838-4DD2-938F-C939BD959A61} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [2015-03-18] (AOL Inc.)

Task: {9D5A99F4-614F-4311-B8EB-91CB05CA628B} - \Updater26278.exe -> No File <==== ATTENTION

Task: {9F712EF0-97B6-4661-B891-7859479E23A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-08-30] (Safer-Networking Ltd.)

Task: {A06C3FD6-61F0-43C5-B2C4-697911A016EA} - System32\Tasks\{C1FE1AD8-7E5A-42FE-BFD1-7BE5D2CF6E2B} => Chrome.exe

Task: {A3609FD6-2870-4FEB-BDAD-EA8E11601EEC} - System32\Tasks\{760E2A37-21F8-47EA-9D24-D7D4B99FF369} => pcalua.exe -a C:\Users\MARK\Downloads\GraboidVideoInstaller-4.1.exe -d C:\Users\MARK\Downloads

Task: {A4A69BF8-AD11-4210-882A-8422BBC8E3DC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)

Task: {A909DD0B-138D-4229-9422-97518BFBE2E5} - System32\Tasks\{20F50F2F-8C2B-4F7F-9DDA-FC3F2ACAC9BA} => C:\Program Files (x86)\MultiViewer\MultiViewer.exe

Task: {ADC422A9-F0A7-40D5-B024-B4288E3C0F98} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-08-12] (RealNetworks, Inc.)

Task: {AF4E8988-8683-4AFF-A1DC-B874E3E9DD0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-22] (Google Inc.)

Task: {B26C63DE-3067-4FD6-BA24-FF68C927D36D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-08-12] (RealNetworks, Inc.)

Task: {B7E83BA7-06F3-41D8-8B7D-E52F6488C1E2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)

Task: {BBAA77C7-8BE7-43D3-BCF8-7BCBB44FEA48} - System32\Tasks\{0E5FFA70-B7B3-4AD7-AF23-C403A980856A} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe [2007-03-05] ()

Task: {BD09F54A-6D5C-4393-9BDA-2319D1CB3725} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)

Task: {CF997253-70E7-46FA-A97E-46BB686709D4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {D026AE65-BA76-4145-B862-3BB536091F80} - System32\Tasks\{74A7DDF1-BDA7-4B5A-BA82-F6455C234E40} => C:\Program Files (x86)\MultiViewer\MultiViewer.exe

Task: {D1782047-A988-4544-AC47-E3A3629E46BD} - System32\Tasks\{5B006323-E1AE-4E67-A035-715B6B7DEC4A} => Chrome.exe

Task: {D4F8C6FB-F75E-4BDF-B581-B8F1CAEC1656} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)

Task: {D7334661-9B07-4FB7-83E7-3A155B15E1C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {E0522317-F88D-44C0-B297-41942EDABF3C} - System32\Tasks\{D2541205-BA83-43A0-85F2-5776AAAD7C09} => pcalua.exe -a C:\Users\MARK\Desktop\switch.exe -d C:\Users\MARK\Desktop

Task: {E0BD0B9D-F7E7-45B4-9698-B4A1DC18C24E} - System32\Tasks\{15D2093E-FD56-45CB-BB1C-1CDBEBD7356D} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [2015-03-18] (AOL Inc.)

Task: {E1312EDA-CBB4-4A58-8E35-FCB3F52CCE1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {E3D600BB-67DA-4B85-BC16-E30120C0D15E} - System32\Tasks\{711738D9-A6C7-442A-B24A-2D60FC80400F} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

Task: {F050F864-D1A1-4F59-9DDD-4C3D8CAB6AB2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\MARK\Desktop\Fix it - Microsoft ATS.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\WINDOWS\system32\url.dll",FileProtocolHandler "hxxp://support.microsoft.com/fixit"

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 17:05 - 2010-07-19 08:12 - 00394272 _____ () C:\Windows\system32\spool\DRIVERS\x64\x64v05.dll

2013-06-05 12:25 - 2007-02-20 07:30 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbapp6c.dll

2011-12-31 14:54 - 2009-11-04 08:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll

2012-06-20 14:48 - 2012-06-20 14:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-07-11 00:04 - 2012-07-11 00:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

2014-08-12 10:34 - 2014-08-12 10:34 - 00039056 ____C () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2005-09-13 17:27 - 2005-09-13 17:27 - 00054784 _____ () C:\Windows\system32\dlbacnv4.dll

2011-12-23 01:39 - 2011-09-22 11:14 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2012-07-11 00:04 - 2012-07-11 00:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll

2012-07-11 00:04 - 2012-07-11 00:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll

2012-07-11 00:04 - 2012-07-11 00:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll

2014-08-05 17:50 - 2010-07-01 19:29 - 00364544 ____C () C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll

2015-03-29 19:14 - 2014-10-31 15:37 - 01498112 ____C () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

2015-03-29 19:14 - 2014-05-19 16:19 - 00137728 ____C () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

2014-11-22 17:07 - 2014-11-22 17:07 - 00172544 ____C () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll

2011-12-23 01:36 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2016-01-21 01:25 - 2016-01-21 01:25 - 17882304 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll

1996-12-03 23:00 - 1996-12-03 23:00 - 00022016 ____C () C:\Windows\SysWow64\docobj.dll

2016-02-04 18:57 - 2016-02-03 02:27 - 01632584 ____C () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll

2016-02-04 18:57 - 2016-02-03 02:27 - 00087880 ____C () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll

2016-02-04 18:57 - 2016-02-03 02:27 - 16799048 ____C () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\123simsen.com -> www.123simsen.com

There are 7767 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-04 21:14 - 00000091 ___AC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 65.52.240.48

127.0.0.1 activation.cloud.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.Startup

MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: dlbamon.exe => "C:\Program Files (x86)\Dell AIO Printer A940\dlbamon.exe"

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

MSCONFIG\startupreg: Google Update => "C:\Users\MARK\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1429832463\ee\AOLSoftware.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe"

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E47725B1-793E-47F8-A51D-D47915077E97}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe

FirewallRules: [{C0B38D58-D514-4D30-9605-E35058722055}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{E8077E2B-7A09-46CE-BE81-0D23F41AE9B9}] => (Allow) LPort=2869

FirewallRules: [{91153548-46CA-4BF1-AF6F-B53FDD4636A1}] => (Allow) LPort=1900

FirewallRules: [{FFBB9CDF-324A-42BF-A99E-8F3694366730}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{E0F1E95D-1D44-4B30-9011-047A46517505}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{20CA6597-1802-4DA1-95D4-FB9CD0DD405D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{017016BC-B955-4DC7-B8C2-D06FBFFFC8E8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{496181DC-2CF4-442F-B8A1-04DE69D8978F}] => (Allow) LPort=9700

FirewallRules: [{8807EE42-E68B-4ED2-97EF-2F6E31C9A27E}] => (Allow) LPort=9701

FirewallRules: [{AB09EF36-BF80-4488-A940-B48B3B6C2B82}] => (Allow) LPort=9702

FirewallRules: [{0754C636-8B89-4060-8099-71F2A7AE55A4}] => (Allow) LPort=9700

FirewallRules: [{89044ED6-688E-4710-A789-761A1719D5F5}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe

FirewallRules: [{F0A07444-B1C2-45A2-9032-6157E2A12785}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe

FirewallRules: [{1156D55C-0C48-4034-B005-0C8518F66DE7}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe

FirewallRules: [{6F71B772-77F9-442A-9580-27885EEFE5E3}] => (Allow) C:\Windows\system32\dleacoms.exe

FirewallRules: [{ADE90081-FAC9-49F2-B763-7D28A8B02A90}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe

FirewallRules: [{58E02CF4-8281-4C01-8819-E7A7B26C92C3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe

FirewallRules: [{48370483-FA69-4088-A6B5-8B1998797163}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe

FirewallRules: [{50397EE7-8F41-4779-B2B5-7EAB9675EB4E}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe

FirewallRules: [{48478190-D0E5-4403-B6CF-7FF0A514000F}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe

FirewallRules: [{30CE7B9D-D13E-4CBC-9749-075EF75542D3}] => (Allow) C:\Windows\System32\dlbacoms.exe

FirewallRules: [{B439A7C9-808D-4B3C-8953-2D162A362E8E}] => (Allow) C:\Windows\System32\dlbacoms.exe

FirewallRules: [{14A036CA-5E8F-41E2-851D-E03C8E0FD488}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe

FirewallRules: [{1AF0A7D2-9761-49D9-87D0-78CCEB78D649}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe

FirewallRules: [{D3183B7A-5D68-40A5-8B9E-99FD0C547499}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe

FirewallRules: [{A499FC28-A7FF-4CE0-A8FA-3D9EA11740C4}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe

FirewallRules: [{B6D8C269-6F5B-4BE1-9D6B-2152DB093A96}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe

FirewallRules: [{4D1CBC80-DF38-4710-870A-D0AE80AC2790}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe

FirewallRules: [{452967D4-A520-48E7-9614-153B20ADF4D0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{7B5F26CB-9AB6-49E6-947B-D621386EDAFA}] => (Allow) C:\Users\MARK\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{0FBB8A8E-59CC-45A8-A1B8-15AFA4EE3D70}] => (Allow) C:\Users\MARK\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{C5374092-D569-446F-AF68-4A6BDE9F9647}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{8EDF948C-D99E-4B44-B91F-DE6C91594DD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{DA636939-D4A9-4331-A77F-E215C44CF718}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe

FirewallRules: [{700CDB56-961D-4577-AF1A-1538EBC5DE2A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe

FirewallRules: [{9DDB8D13-B2A2-49D0-8CB3-99D2480C3A1E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

FirewallRules: [{8E26B2A5-DA9F-4562-BBB6-CC82D3BD37B8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

FirewallRules: [{020A6345-A225-45DF-A465-59CE9BA3C1DC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1429832463\ee\aolsoftware.exe

FirewallRules: [{3079C378-5230-43A2-A980-ABC95799D968}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1429832463\ee\aolsoftware.exe

FirewallRules: [{95F089FE-ECE6-4621-A031-184F7B668CD0}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

FirewallRules: [{FD323552-DB7B-482A-A79A-A1F356477766}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

FirewallRules: [{41A38BDC-CDBB-468D-AD5D-67402236BC5B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{A6BDADEF-FB94-41B4-9E59-47CCAE2BA3BA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{89F7BD7B-26F8-4FDC-BD16-38B73717CB84}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{2D4C6527-9901-4101-A9DB-16B507AC9286}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe

FirewallRules: [{CD1E61A8-17AF-40D9-A307-14FFD81F2944}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe

FirewallRules: [{DD4009E1-E38A-4958-A92F-2317EDDE9ED5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe

FirewallRules: [{3FB5BF84-86D6-40C1-A8F8-6E66137CFA10}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{ACB42813-E1EE-4540-B91A-8F48C10852BE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe

FirewallRules: [{5A0BEDEB-0919-49ED-BF9D-F6BDFFA5E1FC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe

FirewallRules: [{D2FEA57F-FDE1-4210-8B25-1DC1E6D375AE}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe

FirewallRules: [{879766EC-A180-4F5E-90F1-3BFC76A2AFB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{2E6F22A2-B0EA-49D5-8F3B-C81DB8D29632}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{83AF5478-2C7F-4908-9D06-4F344D68C664}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{2C0CA2A2-C636-454C-BE8F-6A38B485ACB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{34E04975-E903-464C-93DE-410217F67868}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{12EA8ED8-66FF-4EF7-BF06-3EF9680AFFB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{88A56006-B9A9-4189-9D77-FA217E2B4E40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{825CABFE-1A73-4101-A5CA-5067BC8E405B}] => (Allow) LPort=8317

FirewallRules: [{0CA3F631-FE6F-49D6-B215-B05BA675FB3C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-11-2015 17:41:14 Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters

23-11-2015 14:28:39 Scheduled Checkpoint

28-11-2015 19:18:40 Windows Update

07-12-2015 14:42:11 Scheduled Checkpoint

16-12-2015 14:54:06 Scheduled Checkpoint

24-12-2015 14:04:00 Scheduled Checkpoint

31-12-2015 14:37:49 Scheduled Checkpoint

04-01-2016 20:15:18 Installed Camtasia Studio 8

12-01-2016 18:45:11 Scheduled Checkpoint

20-01-2016 15:49:35 Scheduled Checkpoint

20-01-2016 23:38:23 Restore Operation

28-01-2016 14:33:49 Scheduled Checkpoint

02-02-2016 12:23:05 Garmin Express

03-02-2016 12:32:23 Restore Operation

03-02-2016 13:05:03 Garmin Express

06-02-2016 20:24:11 Removed SpyroPortalDriver

==================== Faulty Device Manager Devices =============

Name: DW1501 Wireless-N WLAN Half-Mini Card

Description: DW1501 Wireless-N WLAN Half-Mini Card

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Broadcom

Service: BCM43XX

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (02/06/2016 12:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2016 01:42:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

Error: (02/05/2016 12:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2016 05:27:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

Error: (02/04/2016 12:16:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 10:57:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

Error: (02/03/2016 12:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 12:43:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)

Description: Content is missing.

Error Code:a7f42014

Error: (02/03/2016 12:43:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 12:28:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (02/06/2016 12:25:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The WinDefend service terminated with the following error:

%%126

Error: (02/06/2016 12:24:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%-2140993535

Error: (02/06/2016 12:24:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%-2140993535

Error: (02/06/2016 12:24:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%-2140993535

Error: (02/06/2016 12:24:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%-2140993535

Error: (02/06/2016 12:24:24 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

Error: (02/06/2016 12:24:24 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

Error: (02/06/2016 12:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%-2140993535

Error: (02/06/2016 12:24:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%-2140993535

Error: (02/06/2016 12:24:14 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

CodeIntegrity:

===================================

Date: 2015-10-26 18:28:31.774

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-26 18:28:31.737

Date: 2015-10-26 18:28:31.672

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-26 18:28:31.590

Date: 2015-10-23 14:50:12.722

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\MARK\Desktop\aaaa\recup_dir.58\f11021656.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 14:50:12.672

Date: 2015-10-23 14:50:12.592

Date: 2015-10-23 14:24:34.826

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\MARK\Desktop\aaaa\recup_dir.115\f12895512.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 14:24:34.776

Date: 2015-10-23 14:24:34.700

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz

Percentage of memory in use: 65%

Total physical RAM: 8174.45 MB

Available physical RAM: 2796.7 MB

Total Virtual: 16347.1 MB

Available Virtual: 7070.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:20.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AC289F96)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Help

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,649 views	DR M 06 Apr 2024
Hardware → Hardware, Components and Peripherals → Recover the hard drive Started by Andrew Board , 16 Jan 2024 data recovery, hard drive, help and 1 more...	2 replies 654 views	phillpower2 16 Jan 2024
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,705 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Please, I need serious help with new laptop, INSANELY slow, big virus? Started by muscaria , 29 Mar 2022 help, laptop, virus, event viewer and 3 more...	1 reply 1,517 views	RKinner 29 Mar 2022
Development → Software Development → Help with Python Task please Started by Student1122 , 11 Feb 2021 Python, nested list, programming and 2 more...	3 replies 3,826 views	RKinner 18 Feb 2021