Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

redirect virus in firefox / "Reported Web Forgery" [S

Started by espeed , Dec 26 2014 06:25 PM
firefox redirect Reported Web Forgery

  • This topic is locked This topic is locked

#1
espeed
Posted 26 December 2014 - 06:25 PM

espeed

    New Member

  • Member
  • Pip
  • 9 posts

I am currently dealing with some type of redirect virus.

After identifying the malware/spyware with Windows Defender, I selected the option to remove the malicious software with Windows Defender. Within fifteen minutes, the program reported that the problem had been removed, yet I can still see that the virus' effects seem to be persisting. I ran the Defender program several times again but nothing malicious is being identified anymore, that is when I began to search for solutions online and found this blog.

I found a topic that had also been posted today with the title, " firefox redirect / "Reported Web Forgery" ." The problem described within this topic is identical to the one I am experiencing, the only difference is that I am uing Firefox version 34.0.5. I am not experiencing any problems with IE, but I am experiencing the same problems in my Google Chrome browser. I will paste the symptoms described in this post since they are same as mine.

 

I'm currently experiencing what I think is a redirect type of virus with Firefox. I'm using Firefox 22.0.  I'm not having any issues with IE though.  What happens is, any website I try to visit on FF22,0 takes a long time to load, and in the lower left hand corner of the browser screen, where you usually see a little dialogue letting you know what's loading, there are a ton of unrelated links attempting to load. Eventually, I get taken to a "Reported Web Forgery" screen, giving me two button options: "Get Me Out of Here!" or "Why was this page blocked?"

 

The URL for this page is www,readtwos.com....  So right now I'm not sure if whatever has infected my system is trying to redirect me to this readytwos.com website and Firefox is stopping it, or if the Web Forgery sreen itself is the infection.  Either case, there's a problem.  Any help on this is much appreciated.  I'm attached a screen cap of the screen I'm talking about.

Attached Thumbnails
  • xpost-177497-0-18561300-1419606763_thumb

I followed the instructions provided by the website's responder (BrianDrab) to this topic and scanned with the Farbar Recovery Scan Tool. Here are the FRST.txt & Additional Scan logs, and I am not aware of any intentional internet proxy being set on my computer. Thanks very much for your time, any help is appreciated.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Average Savage (administrator) on LAZLO on 26-12-2014 15:57:37
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [OCDLMgr] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-03] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [APISupport] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Average Savage\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [Google Update] => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-07] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\RunOnce: [Adobe Speed Launcher] => 1419575899
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\MountPoints2: {5eadf00f-9fc7-11e3-8a66-24b6fd532c7b} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\MountPoints2: {fb9f219d-d2f6-11e3-9dd9-24b6fd532c7b} - E:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&cc=US&unqvl=72
HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&cc=US&unqvl=72
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=72
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=72
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=72
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121004020851.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121004020851.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchoholic.info/?pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: www.theonion.com
FF Keyword.URL: hxxp://websearch.searchoholic.info/?pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\searchplugins\WebSearch.xml
FF Extension: YoutuubeAddBlocke - C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected] [2014-12-18]
FF Extension: DOwnuSave - C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected] [2014-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Google Cast) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-07]
CHR Extension: (MagicScroll Web Reader) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc [2014-12-25]
CHR Extension: (Window Expander For YouTube) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog [2014-12-18]
CHR Extension: (AccuWeather) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]
CHR Extension: (BuyNsavve) - C:\ProgramData\habaikmcgnehdaefplmiephpkgojijob\ [2014-09-07]
CHR HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Chrome\Extension: [ldmmfhnlekjcmmmlfkhmbhalnokjannj] - C:\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx [2014-08-22]
CHR HKLM-x32\...\Chrome\Extension: [ldmmfhnlekjcmmmlfkhmbhalnokjannj] - C:\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx [2014-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4123648 2014-12-18] () [File not signed] <==== ATTENTION
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 15:57 - 2014-12-26 15:58 - 00019563 _____ () C:\Users\Average Savage\Desktop\FRST.txt
2014-12-26 15:57 - 2014-12-26 15:57 - 00000000 ___DC () C:\FRST
2014-12-26 15:56 - 2014-12-26 15:56 - 02122752 _____ (Farbar) C:\Users\Average Savage\Desktop\FRST64.exe
2014-12-26 15:54 - 2014-12-26 15:55 - 01114112 _____ (Farbar) C:\Users\Average Savage\Desktop\FRST.exe
2014-12-26 14:45 - 2014-12-26 14:45 - 08423856 _____ (McAfee, Inc.) C:\Users\Average Savage\Downloads\SecurityScan_Release.exe
2014-12-26 14:34 - 2014-12-26 14:34 - 00000000 ____D () C:\Program Files (x86)\BItSaver
2014-12-25 22:45 - 2014-12-26 14:34 - 00000000 ____D () C:\ProgramData\BItSaver
2014-12-25 22:45 - 2014-12-26 14:34 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d
2014-12-18 20:45 - 2014-12-18 20:45 - 00000000 __SHD () C:\Users\Average Savage\AppData\Local\EmieBrowserModeList
2014-12-18 20:39 - 2014-12-18 20:39 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\SimpleFiles
2014-12-18 19:20 - 2014-12-25 23:28 - 00000000 ____D () C:\Program Files (x86)\YoutuubeAddBlocke
2014-12-18 19:20 - 2014-12-25 23:28 - 00000000 ____D () C:\Program Files (x86)\BuyNsaVe
2014-12-18 19:20 - 2014-12-18 19:20 - 00000000 ____D () C:\Program Files (x86)\Window Expander For YouTube
2014-12-18 19:20 - 2014-12-18 19:20 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
2014-12-18 19:19 - 2014-12-18 19:19 - 00000000 ____D () C:\ProgramData\habaikmcgnehdaefplmiephpkgojijob
2014-12-18 19:19 - 2014-12-18 19:19 - 00000000 ____D () C:\ProgramData\5551195122105854317
2014-12-18 19:19 - 2014-12-18 19:19 - 00000000 ____D () C:\Program Files (x86)\BuyNsavve
2014-12-18 02:26 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:26 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-10 03:57 - 2014-12-10 03:57 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 03:05 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 01:08 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 01:08 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 01:08 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 01:08 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 01:08 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 01:08 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 01:08 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 01:08 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:08 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 01:08 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 01:08 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 01:08 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 01:08 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 01:08 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 01:08 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 01:08 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 01:08 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 01:08 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 01:08 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 01:08 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 01:08 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 01:08 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 01:08 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 01:06 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 01:06 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 01:06 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 01:06 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 01:06 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 01:06 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 02:26 - 2014-12-26 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-03 00:56 - 2014-12-03 00:56 - 00001654 _____ () C:\Users\Average Savage\Desktop\tenant_removal_amendment.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 15:57 - 2012-06-03 00:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 15:51 - 2014-09-07 21:01 - 00000944 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job
2014-12-26 15:51 - 2012-10-03 17:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 15:37 - 2012-06-03 00:04 - 01754270 _____ () C:\windows\WindowsUpdate.log
2014-12-26 15:35 - 2013-09-07 00:57 - 00000000 ____D () C:\Users\Average Savage\Documents\UCDenver
2014-12-26 15:24 - 2009-07-13 22:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-26 15:22 - 2012-06-03 00:41 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-26 15:20 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 15:20 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 15:16 - 2014-04-03 00:27 - 00009216 ___SH () C:\Users\Average Savage\Downloads\Thumbs.db
2014-12-26 14:40 - 2012-10-03 17:15 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2014-12-26 14:38 - 2012-10-04 13:13 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2014-12-26 14:38 - 2012-10-03 17:15 - 00003460 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2014-12-25 23:39 - 2013-10-22 12:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-25 23:37 - 2012-10-03 17:23 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 23:37 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-25 23:37 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-25 23:37 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-25 23:37 - 2009-07-13 21:51 - 00085127 _____ () C:\windows\setupact.log
2014-12-25 22:05 - 2014-09-07 21:01 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job
2014-12-22 17:24 - 2010-11-20 20:47 - 00214092 _____ () C:\windows\PFRO.log
2014-12-18 20:45 - 2014-09-02 06:58 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\tbccint
2014-12-18 20:45 - 2014-09-02 06:58 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2014-12-13 14:07 - 2013-11-20 18:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-13 14:07 - 2012-06-03 00:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 04:01 - 2014-09-07 20:57 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 13:20 - 2012-10-13 17:54 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\SoftGrid Client
2014-12-11 13:47 - 2012-10-03 17:12 - 00126136 _____ () C:\Users\Average Savage\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-10 03:57 - 2012-06-03 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 03:57 - 2012-06-03 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 03:57 - 2012-06-03 00:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 03:44 - 2012-10-03 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 03:27 - 2012-11-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:24 - 2013-08-18 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:11 - 2012-10-04 13:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-08 02:43 - 2012-10-03 17:15 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-07 04:00 - 2012-10-03 17:15 - 00004278 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-03 15:11 - 2012-06-03 02:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-30 12:20 - 2014-08-26 09:28 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\GoPro

Some content of TEMP:
====================
C:\Users\Average Savage\AppData\Local\Temp\i4jdel0.exe
C:\Users\Average Savage\AppData\Local\Temp\Java(1).exe
C:\Users\Average Savage\AppData\Local\Temp\lowproc.exe
C:\Users\Average Savage\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Average Savage\AppData\Local\Temp\stubhelper.dll
C:\Users\Average Savage\AppData\Local\Temp\winziprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 18:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Average Savage at 2014-12-26 15:58:26
Running from C:\Users\Average Savage\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo Video Converter version  5.2.0.1 (HKLM-x32\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Becoming Human 1.0 (HKLM-x32\...\Becoming Human) (Version: 1.0 - Terra Incognita)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BuyNsaVe (HKLM-x32\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave) <==== ATTENTION
ChromecastApp (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ContentEdit (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version:  - IncrementModule) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F91BF1B5-4213-440C-8539-C6EB2F1D1734}) (Version: 2.2.4000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Window Expander For YouTube (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YoutuubeAddBlocke (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

10-12-2014 03:00:54 Windows Update
12-12-2014 03:00:14 Windows Update
16-12-2014 17:45:43 Windows Update
18-12-2014 03:00:12 Windows Update
25-12-2014 00:29:17 Windows Update
25-12-2014 23:28:07 Windows Defender Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065A0E99-4221-41BB-A1D5-555AAB30385E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {0C8208D8-692C-4531-967C-168D408002BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {0C8F52A1-8C01-451A-A91F-01B6F2EC0C55} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {0E619A76-82E2-4450-AF60-7E482B42C96C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {2083FBB1-E4F4-4E9B-AEE3-90844634D4AC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {75266F56-36BE-4304-81BA-31E44CA256E4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {90B04579-7AAA-4BE9-A7F6-335FEE05E559} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A90F1EE6-5AD9-4E64-882B-B2A1E3CB7339} - System32\Tasks\PCDoctorBackgroundMonitorTask => c:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {DD68D7A2-7C45-4C05-8C6D-E050BC714163} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {EEBB03A0-B95E-4B89-8A27-5555EC1623FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F942309D-2FF4-4ED4-B902-955344E401E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {FF5A1A52-DC1C-4EF7-90B7-A1F830B2E115} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => c:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2012-06-03 00:42 - 2012-01-26 19:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-06-03 02:33 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 17:26 - 2011-06-27 17:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 06:52 - 2011-06-29 06:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 19:20 - 2014-12-18 19:20 - 04123648 _____ () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 13:52 - 2010-03-22 13:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 21:20 - 2011-06-24 21:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 17:25 - 2011-06-27 17:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 21:21 - 2011-06-24 21:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-16 17:18 - 2014-10-16 17:18 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2012-06-03 00:13 - 2011-01-12 15:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2731679655-819755991-414572229-500 - Administrator - Disabled)
Average Savage (S-1-5-21-2731679655-819755991-414572229-1000 - Administrator - Enabled) => C:\Users\Average Savage
Guest (S-1-5-21-2731679655-819755991-414572229-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2731679655-819755991-414572229-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2014 11:39:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (12/25/2014 11:38:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 00:17:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (12/23/2014 07:27:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11357

Error: (12/23/2014 07:27:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11357

Error: (12/23/2014 07:27:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 07:27:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10281

Error: (12/23/2014 07:27:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10281

Error: (12/23/2014 07:27:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/23/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9267


System errors:
=============
Error: (12/25/2014 11:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2014 01:27:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PETUNIA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{474D0832-46AF-4FEE-A308-AE3B3D90F3AC}.
The master browser is stopping or an election is being forced.

Error: (12/22/2014 05:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/18/2014 02:11:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (12/18/2014 02:11:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Google Software Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 900000 milliseconds: Restart the service.

Error: (12/14/2014 09:23:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (12/14/2014 09:23:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Google Software Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 900000 milliseconds: Restart the service.

Error: (12/12/2014 01:20:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/12/2014 01:19:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/10/2014 00:50:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:51:27 PM on ‎12/‎9/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 42%
Total physical RAM: 4004.27 MB
Available physical RAM: 2293.36 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 6266.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:119.36 GB) NTFS
Drive y: (Recovery) (Fixed) (Total:19.53 GB) (Free:11.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7D6721EE)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


  • 0

Advertisements

#2
BrianDrab
Posted 26 December 2014 - 06:52 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

I'll review your logs and get back to you.


  • 0

#3
BrianDrab
Posted 27 December 2014 - 01:23 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Step#1 - Warnings

No Antivirus Detected
It's critical that you have a reputable antivirus software installed on your machine at all times. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed a couple recommended free AV's below in Step#4 which are as good as any paid subscription AV, as long as you allow them to update themselves.

 

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): Vuze

To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

Chrome Development Build

It appears that you have a Development build of Chrome installed. If there's not a specific reason you have this on your machine then it's extremely likely that malware is at fault. We'll deal with this after we clean up your machine so it doesn't leave you vulnerable.

 

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

BuyNsaVe
ContentEdit
YoutuubeAddBlocke

Window Expander For YouTube (you can keep if you actual use this one)

 

 

Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   4.8KB   324 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - Download/Install an AV Program.

Before continuing on you need to download and install one to prevent any infections from spreading. I use Microsoft Security Essentials on my home machines but the choice is yours.
 
Microsoft Security Essentials
Avast! (If you decide on this one, please ensure you uncheck the Google Toolbar and Google Chrome that is offered on the first screen of the install...unless you want them for some reason). In addition if you choose Avast!, please ensure that Windows Defender is disabled. Instructions for doing so are here.

 

Please let me know which one you decide to download and install.

 

 

 

Step#5 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#6 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. FRST Fix log

2. Which AV did you choose?

3. AdwCleaner log
4. FRST and Addition logs


  • 0

#4
espeed
Posted 27 December 2014 - 02:48 PM

espeed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello Brian,

I began to uninstall each program on the list you provided, but was only successful in uninstalling the "ContentEdit" without having to reboot. The other three programs each had the same prompt (I've attached a jpeg screenshot) pop-up informing me that I must reboot for each attempt. I did not proceed any further since you told me to not restart until all have been successfully uninstalled, what would you advise me to do next?
Thanks again for your time

Attached Thumbnails

  • screenshot.jpg

  • 0

#5
BrianDrab
Posted 27 December 2014 - 03:36 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

On that particular message, please ensure you click No which will uninstall the Add-on and reboot your machine. Very tricky message. Most people would just click Yes so thanks for asking.


  • 0

#6
espeed
Posted 28 December 2014 - 03:09 PM

espeed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Ok, I uninstalled the P2P program as you advised as well as the list of programs you provided. I chose the AW program you suggested, MSE Avast!, to download and install. I also successfully completed all other steps and have a fresh set of logs for you to review.

The virus' effect cannot be detected any longer, and it seems that the problem has been resolved. I want to thank you very much for helping me clean up this headache, especially over the holidays. Have a happy New Year.

 

 

FRST Fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Average Savage at 2014-12-27 16:29:35 Run:1
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OCDLMgr] => [X]
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [APISupport] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Average Savage\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
C:\Users\Average Savage\AppData\Local\TB
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\MountPoints2: {5eadf00f-9fc7-11e3-8a66-24b6fd532c7b} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\MountPoints2: {fb9f219d-d2f6-11e3-9dd9-24b6fd532c7b} - E:\LaunchU3.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&cc=US&unqvl=72
HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&cc=US&unqvl=72
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=72
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=72
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=72
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121004020851.dll No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121004020851.dll No File
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchoholic.info/?pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchoholic.info/?pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72&l=1&q=
FF SearchPlugin: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\searchplugins\WebSearch.xml
FF Extension: YoutuubeAddBlocke - C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected] [2014-12-18]
FF Extension: DOwnuSave - C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected] [2014-12-25]
CHR Extension: (BuyNsavve) - C:\ProgramData\habaikmcgnehdaefplmiephpkgojijob\ [2014-09-07]
CHR HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Chrome\Extension: [ldmmfhnlekjcmmmlfkhmbhalnokjannj] - C:\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx [2014-08-22]
CHR HKLM-x32\...\Chrome\Extension: [ldmmfhnlekjcmmmlfkhmbhalnokjannj] - C:\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx [2014-08-22]
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4123648 2014-12-18] () [File not signed] <==== ATTENTION
c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2014-12-26 14:34 - 2014-12-26 14:34 - 00000000 ____D () C:\Program Files (x86)\BItSaver
2014-12-25 22:45 - 2014-12-26 14:34 - 00000000 ____D () C:\ProgramData\BItSaver
2014-12-25 22:45 - 2014-12-26 14:34 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d
2014-12-18 19:20 - 2014-12-25 23:28 - 00000000 ____D () C:\Program Files (x86)\YoutuubeAddBlocke
2014-12-18 19:20 - 2014-12-25 23:28 - 00000000 ____D () C:\Program Files (x86)\BuyNsaVe
2014-12-18 19:20 - 2014-12-18 19:20 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
2014-12-18 19:19 - 2014-12-18 19:19 - 00000000 ____D () C:\ProgramData\habaikmcgnehdaefplmiephpkgojijob
2014-12-18 19:19 - 2014-12-18 19:19 - 00000000 ____D () C:\ProgramData\5551195122105854317
2014-12-18 19:19 - 2014-12-18 19:19 - 00000000 ____D () C:\Program Files (x86)\BuyNsavve
2014-12-18 20:45 - 2014-09-02 06:58 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\tbccint
2014-12-18 20:45 - 2014-09-02 06:58 - 00000000 ____D () C:\Program Files (x86)\Tbccint
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Thunderbird\Extensions:  [[email protected]] - C:\Program Files\McAfee\MSK
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
C:\Program Files\McAfee
C:\Program Files (x86)\Common Files\McAfee
C:\Program Files\Common Files\McAfee
2014-12-26 14:45 - 2014-12-26 14:45 - 08423856 _____ (McAfee, Inc.) C:\Users\Average Savage\Downloads\SecurityScan_Release.exe
cmd: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OCDLMgr => value deleted successfully.
HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\\APISupport => value deleted successfully.
C:\Users\Average Savage\AppData\Local\TB => Moved successfully.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5eadf00f-9fc7-11e3-8a66-24b6fd532c7b}" => Key deleted successfully.
HKCR\CLSID\{5eadf00f-9fc7-11e3-8a66-24b6fd532c7b} => Key not found.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9f219d-d2f6-11e3-9dd9-24b6fd532c7b}" => Key deleted successfully.
HKCR\CLSID\{fb9f219d-d2f6-11e3-9dd9-24b6fd532c7b} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key not found.
"HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key not found.
"HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\searchplugins\WebSearch.xml => Moved successfully.
C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected] => Moved successfully.
C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected] => Moved successfully.
C:\ProgramData\habaikmcgnehdaefplmiephpkgojijob\ => Moved successfully.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000\SOFTWARE\Google\Chrome\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj" => Key deleted successfully.
C:\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj" => Key deleted successfully.
"C:\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx" => File/Directory not found.
fc67e7a0 => Service not found.
"c:\Program Files (x86)\DeltaFix\DeltaFix.dll" => File/Directory not found.
C:\Program Files (x86)\BItSaver => Moved successfully.
C:\ProgramData\BItSaver => Moved successfully.
C:\ProgramData\4d09ce8d5400296d => Moved successfully.
"C:\Program Files (x86)\YoutuubeAddBlocke" => File/Directory not found.
"C:\Program Files (x86)\BuyNsaVe" => File/Directory not found.
"C:\Program Files (x86)\DeltaFix" => File/Directory not found.
"C:\ProgramData\habaikmcgnehdaefplmiephpkgojijob" => File/Directory not found.
C:\ProgramData\5551195122105854317 => Moved successfully.
C:\Program Files (x86)\BuyNsavve => Moved successfully.
C:\Users\Average Savage\AppData\Local\tbccint => Moved successfully.
C:\Program Files (x86)\Tbccint => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\FF HKLM-x32\...\Thunderbird\Extensions:  [[email protected]] - C:\Program Files\McAfee\MSK\\FF HKLM-x32\...\Thunderbird\Extensions:  [[email protected]] - C:\Program Files\McAfee\MSK => Value not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
"C:\Program Files\McAfee" => File/Directory not found.
C:\Program Files (x86)\Common Files\McAfee => Moved successfully.
"C:\Program Files\Common Files\McAfee" => File/Directory not found.
C:\Users\Average Savage\Downloads\SecurityScan_Release.exe => Moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{E988D4CA-9A17-4289-81A9-0B19AAAE0B28} canceled.
{16EDD92A-790C-47CE-9F5B-4F059DE667A9} canceled.
{2EC8B4A6-5635-42BB-B191-4DE7B4682CBD} canceled.
{57DA9FB7-73BE-4925-A09F-A41D024CDF12} canceled.
{F2B758FF-6D3B-4503-8624-086B52B00332} canceled.
{21F58E06-059D-4CA3-9254-A3F5CAE7499F} canceled.
{04D6C624-99BD-4DA2-9F6A-883BD500C250} canceled.
{A5B1287A-593B-4C14-9569-D913AC0181E9} canceled.
{FB846F43-EB52-4CE6-A126-421F0A2D3A8B} canceled.
9 out of 9 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 4.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 16:31:23 ====

 

 

AdWCleaner log

 

# AdwCleaner v4.106 - Report created 28/12/2014 at 13:36:46
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Average Savage - LAZLO
# Running from : C:\Users\Average Savage\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\Users\Average Savage\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Average Savage\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Average Savage\AppData\Roaming\SimpleFiles
File Deleted : C:\END
File Deleted : C:\windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3312269
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4a706c4b-0995-49c1-9e44-e3fbb707613b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4a706c4b-0995-49c1-9e44-e3fbb707613b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4a706c4b-0995-49c1-9e44-e3fbb707613b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[jfk9sti7.default\prefs.js] - Line Deleted : user_pref("CT3312269_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1409666322291,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[jfk9sti7.default\prefs.js] - Line Deleted : user_pref("extensions.1GOhqv3VJKBBFCZS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[jfk9sti7.default\prefs.js] - Line Deleted : user_pref("extensions.KIU0wKC5wScjD85w.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[jfk9sti7.default\prefs.js] - Line Deleted : user_pref("extensions.z0GLftVwG7oHto1y.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[jfk9sti7.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "NILI/FIL507JFQMXAAHOYOMQQJAAQTX10F9W4F3G/TT26ZUWGPIZCLBAVEHKJXRFYEKWNIXNIE7WC1MU3ACXFQ");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72
[C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://websearch.searchoholic.info/?pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72
[C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.searchoholic.info/?pid=1928&r=2014/12/19&hid=9888276928212164740&lg=EN&cc=US&unqvl=72

*************************

AdwCleaner[R0].txt - [5991 octets] - [28/12/2014 13:33:52]
AdwCleaner[S0].txt - [5812 octets] - [28/12/2014 13:36:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5872 octets] ##########

 

FRST.text log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Average Savage (administrator) on LAZLO on 28-12-2014 13:58:55
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-03] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [Google Update] => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-07] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\RunOnce: [Adobe Speed Launcher] => 1419799193
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default
FF DefaultSearchEngine: Google
FF Homepage: www.theonion.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Google Cast) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-07]
CHR Extension: (MagicScroll Web Reader) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc [2014-12-25]
CHR Extension: (Window Expander For YouTube) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog [2014-12-18]
CHR Extension: (AccuWeather) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 13:44 - 2014-12-28 13:44 - 00000000 ____D () C:\Users\Average Savage\Desktop\FRST-OlderVersion
2014-12-28 13:33 - 2014-12-28 13:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-27 19:00 - 2014-12-27 19:00 - 02173952 _____ () C:\Users\Average Savage\Desktop\AdwCleaner.exe
2014-12-27 18:58 - 2014-12-27 18:58 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-27 18:58 - 2014-12-27 18:58 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-27 18:57 - 2014-12-27 18:58 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-12-27 18:57 - 2014-12-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-27 16:24 - 2014-12-27 16:24 - 00004920 _____ () C:\Users\Average Savage\Downloads\fixlist.txt
2014-12-27 13:14 - 2014-12-27 16:30 - 00000000 ____D () C:\ProgramData\3872871776
2014-12-26 15:58 - 2014-12-26 15:58 - 00027472 _____ () C:\Users\Average Savage\Desktop\Addition.txt
2014-12-26 15:57 - 2014-12-28 13:59 - 00015940 _____ () C:\Users\Average Savage\Desktop\FRST.txt
2014-12-26 15:57 - 2014-12-28 13:58 - 00000000 ___DC () C:\FRST
2014-12-26 15:56 - 2014-12-28 13:44 - 02123264 ____C (Farbar) C:\Users\Average Savage\Desktop\FRST64.exe
2014-12-18 20:45 - 2014-12-18 20:45 - 00000000 __SHD () C:\Users\Average Savage\AppData\Local\EmieBrowserModeList
2014-12-18 02:26 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:26 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-10 03:57 - 2014-12-10 03:57 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 03:05 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 01:08 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 01:08 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 01:08 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 01:08 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 01:08 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 01:08 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 01:08 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 01:08 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:08 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 01:08 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 01:08 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 01:08 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 01:08 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 01:08 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 01:08 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 01:08 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 01:08 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 01:08 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 01:08 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 01:08 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 01:08 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 01:08 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 01:08 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 01:06 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 01:06 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 01:06 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 01:06 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 01:06 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 01:06 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 02:26 - 2014-12-26 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-03 00:56 - 2014-12-03 00:56 - 00001654 _____ () C:\Users\Average Savage\Desktop\tenant_removal_amendment.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 13:59 - 2012-10-03 17:15 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2014-12-28 13:57 - 2012-06-03 00:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 13:51 - 2014-09-07 21:01 - 00000944 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job
2014-12-28 13:51 - 2012-10-03 17:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 13:46 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 13:46 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 13:43 - 2012-06-03 00:04 - 01929817 _____ () C:\windows\WindowsUpdate.log
2014-12-28 13:41 - 2013-10-22 12:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-28 13:40 - 2012-06-03 00:41 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-28 13:39 - 2012-10-03 17:23 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 13:39 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-28 13:39 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-28 13:38 - 2010-11-20 20:47 - 00214746 _____ () C:\windows\PFRO.log
2014-12-28 13:38 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-28 13:38 - 2009-07-13 21:51 - 00086899 _____ () C:\windows\setupact.log
2014-12-28 13:30 - 2009-07-13 22:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-27 18:51 - 2014-09-07 21:01 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job
2014-12-27 16:30 - 2014-09-02 06:58 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\CRE
2014-12-27 16:12 - 2012-10-13 17:54 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\SoftGrid Client
2014-12-27 16:09 - 2012-10-04 13:13 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2014-12-27 16:09 - 2012-10-03 17:15 - 00003460 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2014-12-26 19:57 - 2012-10-03 17:23 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\Google
2014-12-26 15:35 - 2013-09-07 00:57 - 00000000 ____D () C:\Users\Average Savage\Documents\UCDenver
2014-12-26 15:16 - 2014-04-03 00:27 - 00009216 ___SH () C:\Users\Average Savage\Downloads\Thumbs.db
2014-12-13 14:07 - 2013-11-20 18:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-13 14:07 - 2012-06-03 00:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 13:47 - 2012-10-03 17:12 - 00126136 _____ () C:\Users\Average Savage\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-10 03:57 - 2012-06-03 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 03:57 - 2012-06-03 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 03:57 - 2012-06-03 00:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 03:44 - 2012-10-03 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 03:27 - 2012-11-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:24 - 2013-08-18 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:11 - 2012-10-04 13:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-08 02:43 - 2012-10-03 17:15 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-07 04:00 - 2012-10-03 17:15 - 00004278 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-03 15:11 - 2012-06-03 02:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-30 12:20 - 2014-08-26 09:28 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\GoPro

Some content of TEMP:
====================
C:\Users\Average Savage\AppData\Local\Temp\Quarantine.exe
C:\Users\Average Savage\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 16:18

==================== End Of Log ============================

 

 

Addition.txt log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Average Savage at 2014-12-28 14:00:16
Running from C:\Users\Average Savage\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo Video Converter version  5.2.0.1 (HKLM-x32\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Becoming Human 1.0 (HKLM-x32\...\Becoming Human) (Version: 1.0 - Terra Incognita)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F91BF1B5-4213-440C-8539-C6EB2F1D1734}) (Version: 2.2.4000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

12-12-2014 03:00:14 Windows Update
16-12-2014 17:45:43 Windows Update
18-12-2014 03:00:12 Windows Update
25-12-2014 00:29:17 Windows Update
25-12-2014 23:28:07 Windows Defender Checkpoint
27-12-2014 16:29:40 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065A0E99-4221-41BB-A1D5-555AAB30385E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {0C8208D8-692C-4531-967C-168D408002BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {0C8F52A1-8C01-451A-A91F-01B6F2EC0C55} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {0E619A76-82E2-4450-AF60-7E482B42C96C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {2083FBB1-E4F4-4E9B-AEE3-90844634D4AC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {75266F56-36BE-4304-81BA-31E44CA256E4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {90B04579-7AAA-4BE9-A7F6-335FEE05E559} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A90F1EE6-5AD9-4E64-882B-B2A1E3CB7339} - System32\Tasks\PCDoctorBackgroundMonitorTask => c:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {DD68D7A2-7C45-4C05-8C6D-E050BC714163} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {EEBB03A0-B95E-4B89-8A27-5555EC1623FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F942309D-2FF4-4ED4-B902-955344E401E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {FF5A1A52-DC1C-4EF7-90B7-A1F830B2E115} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => c:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2012-06-03 00:42 - 2012-01-26 19:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-06-03 02:33 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 17:26 - 2011-06-27 17:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-06-29 06:52 - 2011-06-29 06:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 13:52 - 2010-03-22 13:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 21:20 - 2011-06-24 21:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 17:25 - 2011-06-27 17:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 21:21 - 2011-06-24 21:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-16 17:18 - 2014-10-16 17:18 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2012-06-03 00:13 - 2011-01-12 15:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2731679655-819755991-414572229-500 - Administrator - Disabled)
Average Savage (S-1-5-21-2731679655-819755991-414572229-1000 - Administrator - Enabled) => C:\Users\Average Savage
Guest (S-1-5-21-2731679655-819755991-414572229-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2731679655-819755991-414572229-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 01:41:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (12/28/2014 01:39:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 08:24:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7223

Error: (12/27/2014 08:24:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7223

Error: (12/27/2014 08:24:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/27/2014 08:24:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131

Error: (12/27/2014 08:24:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131

Error: (12/27/2014 08:24:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/27/2014 08:24:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5133

Error: (12/27/2014 08:24:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5133

System errors:
=============
Error: (12/28/2014 01:41:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2014 01:37:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (12/28/2014 01:37:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (12/28/2014 01:37:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (12/28/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/28/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell DataSafe Online service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (12/28/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 43%
Total physical RAM: 4004.27 MB
Available physical RAM: 2270.07 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 6021.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:123.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7D6721EE)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

 


  • 0

#7
BrianDrab
Posted 29 December 2014 - 12:30 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. Things are looking better but we still have some things to clean up and some due diligence to ensure there is nothing else lurking about. Please follow the instructions below.

 

Step#1 - Uninstalls

 

Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Shared C Run-time for x64
 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   469bytes   256 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - JRT
Note: Please disable your Antivirus Software before doing Bullet#1. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#4 - Uninstall/Re-install Chrome

Because the malware modified your Chrome version, it's now vulnerable and unstable. Please uninstall Google Chrome from Add/Remove programs. If you don't use Chrome you can leave it uninstalled. If you do use Chrome, then you can re-download a new stable version and install.

 

Step#5 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#6 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

 

 

  

 

 

Items for your next post

1. FRST Fix Log

2. JRT Log

3. Rootkit Scan log

4. Fresh FRST and Addition logs


  • 0

#8
espeed
Posted 29 December 2014 - 06:05 PM

espeed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I was able to uninstall the Google Chrome without a problem, but the Shared C Run-Time for x64 I was not able to find on the list of programs.

Here are the fresh logs to review, but I'm not sure if the MBR file is the correct one. I wasn't able to open the MBR.dat file, but have posted the aswMBR here instead.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Average Savage at 2014-12-29 15:33:04 Run:2
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
2014-12-27 13:14 - 2014-12-27 16:30 - 00000000 ____D () C:\ProgramData\3872871776
CHR Extension: (Window Expander For YouTube) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog [2014-12-18]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
EmptyTemp:

*****************

Restore point was successfully created.
C:\ProgramData\3872871776 => Moved successfully.
C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value deleted successfully.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
EmptyTemp: => Removed 523.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:34:02 ====

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Average Savage on Mon 12/29/2014 at 15:55:50.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-316F10F7.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Average Savage\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Average Savage\appdata\local\{EC159221-8544-4272-9AE2-2E2ACB3A39A8}

 

~~~ FireFox

Successfully deleted the following from C:\Users\Average Savage\AppData\Roaming\mozilla\firefox\profiles\jfk9sti7.default\prefs.js

user_pref("extensions.z0GLftVwG7oHto1y.url", "hxxp://syncs-jpi.info/sync2/?q=hfZ9ofV9CShEAen0rjUGpchTB6lKDzt4olljtNtVh7n0rjnFrTw4rdsGrdw8tMFHhd9FqdwGrjUErTsFrjaMDMlGojUMAe4Uoj
user_pref("valueApps.storage.mam_gk_userId", "31343566666236612D643932312D346365642D396332662D373838336661303434626565");
Emptied folder: C:\Users\Average Savage\AppData\Roaming\mozilla\firefox\profiles\jfk9sti7.default\minidumps [81 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/29/2014 at 15:58:45.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-29 16:03:47
-----------------------------
16:03:47.523    OS Version: Windows x64 6.1.7601 Service Pack 1
16:03:47.523    Number of processors: 2 586 0x2A07
16:03:47.523    ComputerName: LAZLO  UserName:
16:03:49.380    Initialize success
16:03:49.473    VM: initialized successfully
16:03:49.473    VM: Intel CPU virtualization not supported
16:06:38.610    AVAST engine defs: 14122901
16:07:35.301    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:07:35.316    Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
16:07:35.457    Disk 0 MBR read successfully
16:07:35.457    Disk 0 MBR scan
16:07:35.472    Disk 0 Windows 7 default MBR code
16:07:35.488    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
16:07:35.488    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 206848
16:07:35.488    Disk 0 Boot: NTFS     code=1
16:07:35.504    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       456838 MB offset 41166848
16:07:35.566    Disk 0 scanning C:\windows\system32\drivers
16:07:45.784    Service scanning
16:08:14.848    Modules scanning
16:08:14.864    Disk 0 trace - called modules:
16:08:14.910    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:08:14.910    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004616060]
16:08:14.926    3 CLASSPNP.SYS[fffff880013b143f] -> nt!IofCallDriver -> [0xfffffa80040b75a0]
16:08:14.942    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040be050]
16:08:16.923    AVAST engine scan C:\windows
16:08:20.480    AVAST engine scan C:\windows\system32
16:11:38.538    AVAST engine scan C:\windows\system32\drivers
16:11:51.034    AVAST engine scan C:\Users\Average Savage
16:36:47.801    AVAST engine scan C:\ProgramData
16:38:07.174    Disk 0 statistics 4273174/0/0 @ 1.37 MB/s
16:38:07.190    Scan finished successfully
16:47:26.825    Disk 0 MBR has been saved successfully to "C:\Users\Average Savage\Desktop\MBR.dat"
16:47:26.825    The log file has been saved successfully to "C:\Users\Average Savage\Desktop\aswMBR.txt"

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Average Savage (administrator) on LAZLO on 29-12-2014 16:58:50
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AVAST Software) C:\Users\Average Savage\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [removeSettingsManagerdatamngr] => cmd.exe /c RD /S /Q "C:\Program Files (x86)\Settings Manager"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-03] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [Google Update] => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-07] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=576&src=hmp
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...&p={searchTerms}
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...&p={searchTerms}
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=492&aid=165&itype=a&ver=15005&tm=576&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=165&itype=a&ver=15005&tm=576&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Google Cast) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-07]
CHR Extension: (MagicScroll Web Reader) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc [2014-12-25]
CHR Extension: (AccuWeather) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
S2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R4 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg [X]
U3 aswMBR; \??\C:\Users\AVERAG~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\AVERAG~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 16:58 - 2014-12-29 16:59 - 00017062 _____ () C:\Users\Average Savage\Desktop\FRST.txt
2014-12-29 16:52 - 2014-12-29 16:57 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\Linkey
2014-12-29 16:52 - 2014-12-29 16:52 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\FirefoxToolbar
2014-12-29 16:52 - 2014-12-29 16:52 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-12-29 16:51 - 2014-12-29 16:51 - 18816752 _____ (Bitberry Software ) C:\Users\Average Savage\Downloads\FreeFileViewerSetup.exe
2014-12-29 16:51 - 2014-12-29 16:51 - 00804768 _____ ( ) C:\Users\Average Savage\Desktop\FreeFileViewerDMSetup.exe
2014-12-29 16:47 - 2014-12-29 16:47 - 00002232 _____ () C:\Users\Average Savage\Desktop\aswMBR.txt
2014-12-29 16:47 - 2014-12-29 16:47 - 00000512 _____ () C:\Users\Average Savage\Desktop\MBR.dat
2014-12-29 16:03 - 2014-12-29 16:03 - 05198336 _____ (AVAST Software) C:\Users\Average Savage\Desktop\aswMBR.exe
2014-12-29 15:58 - 2014-12-29 15:58 - 00001645 _____ () C:\Users\Average Savage\Desktop\JRT.txt
2014-12-29 15:55 - 2014-12-29 15:55 - 00000000 ____D () C:\windows\ERUNT
2014-12-29 15:50 - 2014-12-29 15:50 - 01707939 _____ (Thisisu) C:\Users\Average Savage\Desktop\JRT.exe
2014-12-28 14:16 - 2014-12-29 15:32 - 00000000 ____D () C:\Users\Average Savage\Desktop\Antivirus
2014-12-28 13:33 - 2014-12-28 13:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-27 18:58 - 2014-12-27 18:58 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-27 18:58 - 2014-12-27 18:58 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-27 18:57 - 2014-12-27 18:58 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-12-27 18:57 - 2014-12-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-27 16:24 - 2014-12-27 16:24 - 00004920 _____ () C:\Users\Average Savage\Downloads\fixlist.txt
2014-12-26 15:57 - 2014-12-29 16:58 - 00000000 ___DC () C:\FRST
2014-12-26 15:56 - 2014-12-28 13:44 - 02123264 ____C (Farbar) C:\Users\Average Savage\Desktop\FRST64.exe
2014-12-18 20:45 - 2014-12-18 20:45 - 00000000 __SHD () C:\Users\Average Savage\AppData\Local\EmieBrowserModeList
2014-12-18 02:26 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:26 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-10 03:57 - 2014-12-10 03:57 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 03:05 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 01:08 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 01:08 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 01:08 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 01:08 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 01:08 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 01:08 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 01:08 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 01:08 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:08 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 01:08 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 01:08 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 01:08 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 01:08 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 01:08 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 01:08 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 01:08 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 01:08 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 01:08 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 01:08 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 01:08 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 01:08 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 01:08 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 01:08 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 01:06 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 01:06 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 01:06 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 01:06 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 01:06 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 01:06 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 02:26 - 2014-12-26 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-03 00:56 - 2014-12-03 00:56 - 00001654 _____ () C:\Users\Average Savage\Desktop\tenant_removal_amendment.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 16:57 - 2012-06-03 00:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 16:52 - 2012-06-03 00:04 - 01989505 _____ () C:\windows\WindowsUpdate.log
2014-12-29 16:51 - 2014-09-07 21:01 - 00000944 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job
2014-12-29 16:51 - 2012-10-03 17:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 15:55 - 2012-10-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 15:45 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 15:45 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 15:39 - 2013-10-22 12:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-29 15:36 - 2012-10-03 17:23 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 15:36 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-29 15:36 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-29 15:36 - 2012-06-03 00:41 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-29 15:36 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-29 15:36 - 2009-07-13 21:51 - 00087067 _____ () C:\windows\setupact.log
2014-12-29 15:13 - 2012-11-19 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-29 15:13 - 2012-11-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 13:10 - 2009-07-13 22:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-29 10:22 - 2012-10-03 17:15 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2014-12-29 10:20 - 2012-10-04 13:13 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2014-12-29 10:20 - 2012-10-03 17:15 - 00003460 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2014-12-28 19:39 - 2014-09-07 21:01 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job
2014-12-28 13:38 - 2010-11-20 20:47 - 00214746 _____ () C:\windows\PFRO.log
2014-12-27 16:12 - 2012-10-13 17:54 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\SoftGrid Client
2014-12-26 19:57 - 2012-10-03 17:23 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\Google
2014-12-26 15:35 - 2013-09-07 00:57 - 00000000 ____D () C:\Users\Average Savage\Documents\UCDenver
2014-12-26 15:16 - 2014-04-03 00:27 - 00009216 ___SH () C:\Users\Average Savage\Downloads\Thumbs.db
2014-12-13 14:07 - 2013-11-20 18:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-13 14:07 - 2012-06-03 00:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 13:47 - 2012-10-03 17:12 - 00126136 _____ () C:\Users\Average Savage\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-10 03:57 - 2012-06-03 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 03:57 - 2012-06-03 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 03:57 - 2012-06-03 00:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 03:44 - 2012-10-03 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 03:24 - 2013-08-18 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:11 - 2012-10-04 13:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-08 02:43 - 2012-10-03 17:15 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-07 04:00 - 2012-10-03 17:15 - 00004278 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-03 15:11 - 2012-06-03 02:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-30 12:20 - 2014-08-26 09:28 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\GoPro

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 16:18

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Average Savage at 2014-12-29 17:00:08
Running from C:\Users\Average Savage\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo Video Converter version  5.2.0.1 (HKLM-x32\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Becoming Human 1.0 (HKLM-x32\...\Becoming Human) (Version: 1.0 - Terra Incognita)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F91BF1B5-4213-440C-8539-C6EB2F1D1734}) (Version: 2.2.4000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

12-12-2014 03:00:14 Windows Update
16-12-2014 17:45:43 Windows Update
18-12-2014 03:00:12 Windows Update
25-12-2014 00:29:17 Windows Update
25-12-2014 23:28:07 Windows Defender Checkpoint
27-12-2014 16:29:40 Restore Point Created by FRST
28-12-2014 19:42:13 Windows Update
29-12-2014 15:10:46 Configured Microsoft Office Enterprise 2007
29-12-2014 15:33:05 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065A0E99-4221-41BB-A1D5-555AAB30385E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {0C8208D8-692C-4531-967C-168D408002BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {0C8F52A1-8C01-451A-A91F-01B6F2EC0C55} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {0E619A76-82E2-4450-AF60-7E482B42C96C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {2083FBB1-E4F4-4E9B-AEE3-90844634D4AC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {75266F56-36BE-4304-81BA-31E44CA256E4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {90B04579-7AAA-4BE9-A7F6-335FEE05E559} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A90F1EE6-5AD9-4E64-882B-B2A1E3CB7339} - System32\Tasks\PCDoctorBackgroundMonitorTask => c:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {DD68D7A2-7C45-4C05-8C6D-E050BC714163} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {EEBB03A0-B95E-4B89-8A27-5555EC1623FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F942309D-2FF4-4ED4-B902-955344E401E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {FF5A1A52-DC1C-4EF7-90B7-A1F830B2E115} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => c:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2012-06-03 00:42 - 2012-01-26 19:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-06-03 02:33 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 17:26 - 2011-06-27 17:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 06:52 - 2011-06-29 06:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 13:52 - 2010-03-22 13:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 21:20 - 2011-06-24 21:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 17:25 - 2011-06-27 17:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 21:21 - 2011-06-24 21:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-16 17:18 - 2014-10-16 17:18 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2012-06-03 00:13 - 2011-01-12 15:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2731679655-819755991-414572229-500 - Administrator - Disabled)
Average Savage (S-1-5-21-2731679655-819755991-414572229-1000 - Administrator - Enabled) => C:\Users\Average Savage
Guest (S-1-5-21-2731679655-819755991-414572229-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2731679655-819755991-414572229-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 04:54:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

System errors:
=============
Error: (12/29/2014 04:52:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The F06DEFF2-5B9C-490D-910F-35D3A91196222 service failed to start due to the following error:
%%2

Error: (12/29/2014 04:52:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SmdmF Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/29/2014 04:52:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SmdmF Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 4004.27 MB
Available physical RAM: 1669.93 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 5555.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:122.02 GB) NTFS
Drive d: (Office 2007) (CDROM) (Total:0.49 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7D6721EE)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


  • 0

#9
BrianDrab
Posted 29 December 2014 - 11:41 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the logs. You posted the correct ones!

 

It looks like you may have re-infected yourself already. Did you happen to download a program called FreeFileViewerSetup.exe or FreeFileViewerDMSetup.exe? If so, these files re-infected your machine. Please try to refrain from downloading any other files to your machine until we declare your machine clean as it makes our jobs much harder.

 

Let's get this cleaned up. Please follow the instructions below. Let me know how your machine is doing after this.

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   3.84KB   249 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - FRST Registry Search
 
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the word Chrome into the Search box and click the Search Registry button.
    Search.JPG
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
    saved on your desktop named Search.txt.

 

 

Step#3 - File Identification
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy the word Chrome and paste it into the Search box of the FRST window.
3. Click the Search Files button.
4. When the search is done it will open a notepad window with the results. Please copy/paste the contents of this window into your next post.

 

Step#4 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

Step#5 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 

 
Items for your next post

1. FRST Fix log

2. Registry Search log

3. File Search log

4. Malwarebytes log
5. Contents of the ESET log file

6. How's your computer doing?


  • 0

#10
godawgs
Posted 03 January 2015 - 02:21 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements

#11
godawgs
Posted 06 January 2015 - 08:38 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

User returned.


  • 0

#12
espeed
Posted 08 January 2015 - 02:07 PM

espeed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I'm sorry my response took so long, I had issues at home to take care of. But here are most of the logs you asked for, and my computer seems to be doing fine. I haven't noticed any possible symptoms of a virus.

I've included all of the logs, except for the ESET scan log. It is currently still scanning, I just didn't want this topic to expire again. So I will send the ESET log file as soon as it is finished, which shouldn't be more than another hour or two.

Thanks again for your help

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Average Savage at 2015-01-05 17:08:34 Run:3
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\RunOnce: [removeSettingsManagerdatamngr] => cmd.exe /c RD /S /Q "C:\Program Files (x86)\Settings Manager"
C:\Program Files (x86)\Settings Manager
HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=576&src=hmp
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...&p={searchTerms}
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=492&aid=165&itype=a&ver=15005&tm=576&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=165&itype=a&ver=15005&tm=576&src=ds&p=
FF SearchPlugin: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Google Cast) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-07]
CHR Extension: (MagicScroll Web Reader) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc [2014-12-25]
CHR Extension: (AccuWeather) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]
R4 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg [X]
2014-12-29 16:52 - 2014-12-29 16:57 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\Linkey
2014-12-29 16:52 - 2014-12-29 16:52 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\FirefoxToolbar
2014-12-29 16:52 - 2014-12-29 16:52 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-12-29 16:51 - 2014-12-29 16:51 - 18816752 _____ (Bitberry Software ) C:\Users\Average Savage\Downloads\FreeFileViewerSetup.exe
2014-12-29 16:51 - 2014-12-29 16:51 - 00804768 _____ ( ) C:\Users\Average Savage\Desktop\FreeFileViewerDMSetup.exe
Folder: C:\Users\Average Savage\AppData\LocalLow\Adobe
EmptyTemp:

 

 

 

*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\removeSettingsManagerdatamngr => value deleted successfully.
C:\Program Files (x86)\Settings Manager => Moved successfully.
HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\searchplugins\default-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Moved successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Moved successfully.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd => Moved successfully.
C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc => Moved successfully.
C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj => Moved successfully.
C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Unable to stop service
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Service deleted successfully.
C:\Users\Average Savage\AppData\Local\Linkey => Moved successfully.
C:\Users\Average Savage\AppData\Roaming\FirefoxToolbar => Moved successfully.
"C:\Program Files (x86)\Settings Manager" => File/Directory not found.
C:\Users\Average Savage\Downloads\FreeFileViewerSetup.exe => Moved successfully.
"C:\Users\Average Savage\Desktop\FreeFileViewerDMSetup.exe" => File/Directory not found.

========================= Folder: C:\Users\Average Savage\AppData\LocalLow\Adobe ========================

2012-10-19 11:37 - 2012-10-19 11:37 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat
2012-10-19 11:37 - 2014-12-26 20:05 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0
2012-10-19 11:38 - 2012-11-07 18:56 - 0039248 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip
2012-10-19 11:38 - 2014-12-26 20:05 - 0071680 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages
2012-12-05 19:53 - 2014-12-26 20:05 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets
2012-12-05 19:53 - 2012-12-05 19:53 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121206025325Z-8498262
2012-12-05 19:53 - 2012-12-05 19:53 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121206025325Z-8498277
2012-12-05 19:53 - 2012-12-05 19:53 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121206025326Z-8498287
2012-12-05 19:53 - 2012-12-05 19:53 - 0000773 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121206025326Z-8498303
2012-12-05 19:53 - 2012-12-05 19:53 - 0000858 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121206025326Z-8498313
2012-12-05 19:53 - 2012-12-05 19:53 - 0000858 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121206025327Z-8498330
2013-03-03 15:48 - 2013-03-03 15:48 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-130303224838Z-19415106
2013-06-27 20:44 - 2013-06-27 20:44 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-130628034422Z-22393171
2013-11-26 13:46 - 2013-11-26 13:46 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-131126204627Z-14669856
2013-11-26 13:46 - 2013-11-26 13:46 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-131126204628Z-14669901
2013-11-26 13:46 - 2013-11-26 13:46 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-131126204629Z-14669934
2013-11-26 13:46 - 2013-11-26 13:46 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-131126204630Z-14669965
2013-11-26 13:46 - 2013-11-26 13:46 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-131126204631Z-14669985
2013-12-09 19:52 - 2013-12-09 19:52 - 0002641 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-131210025221Z-8368113
2014-05-04 22:13 - 2014-05-04 22:13 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140505051353Z-3826155
2014-05-04 22:13 - 2014-05-04 22:13 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140505051355Z-3826203
2014-05-04 22:13 - 2014-05-04 22:13 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140505051356Z-3826246
2014-05-04 22:13 - 2014-05-04 22:13 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140505051358Z-3826289
2014-05-04 22:13 - 2014-05-04 22:13 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140505051359Z-3826333
2014-05-04 22:14 - 2014-05-04 22:14 - 0002641 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140505051400Z-3826378
2014-05-30 13:19 - 2014-05-30 13:19 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140530201921Z-1251128
2014-05-30 13:19 - 2014-05-30 13:19 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140530201922Z-1251155
2014-05-30 13:19 - 2014-05-30 13:19 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140530201923Z-1251188
2014-05-30 13:19 - 2014-05-30 13:19 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140530201924Z-1251220
2014-05-30 13:19 - 2014-05-30 13:19 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140530201925Z-1251234
2014-05-30 13:19 - 2014-05-30 13:19 - 0002641 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140530201926Z-1251264
2014-09-07 18:59 - 2014-09-07 18:59 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140908015929Z-14887173
2014-09-07 18:59 - 2014-09-07 18:59 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140908015931Z-14887219
2014-09-07 18:59 - 2014-09-07 18:59 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140908015931Z-14887241
2014-09-07 18:59 - 2014-09-07 18:59 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140908015932Z-14887262
2014-09-07 18:59 - 2014-09-07 18:59 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140908015933Z-14887287
2014-09-07 18:59 - 2014-09-07 18:59 - 0002641 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140908015934Z-14887328
2014-09-23 15:33 - 2014-09-23 15:33 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140923223332Z-3111133
2014-09-23 15:33 - 2014-09-23 15:33 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140923223332Z-3111152
2014-09-23 15:33 - 2014-09-23 15:33 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140923223333Z-3111167
2014-09-23 15:33 - 2014-09-23 15:33 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140923223333Z-3111192
2014-09-23 15:33 - 2014-09-23 15:33 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140923223334Z-3111207
2014-09-23 15:33 - 2014-09-23 15:33 - 0002641 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-140923223335Z-3111226
2014-12-26 20:05 - 2014-12-26 20:05 - 0001908 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-141227030511Z-2303345
2014-12-26 20:05 - 2014-12-26 20:05 - 0000763 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-141227030512Z-2303364
2014-12-26 20:05 - 2014-12-26 20:05 - 0063139 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-141227030512Z-2303377
2014-12-26 20:05 - 2014-12-26 20:05 - 0000859 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-141227030513Z-2303392
2014-12-26 20:05 - 2014-12-26 20:05 - 0000882 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-141227030513Z-2303403
2014-12-26 20:05 - 2014-12-26 20:05 - 0002641 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-141227030514Z-2303421
2013-09-06 22:06 - 2013-09-06 22:06 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Search
2013-09-06 22:06 - 2013-09-06 22:06 - 0022335 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Search\a5da5d943cbc0e418de4960b59786f7c.idx
2013-11-26 13:49 - 2014-12-03 00:55 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer
2014-12-03 00:55 - 2014-12-03 00:55 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\inprogress
2013-11-26 13:49 - 2014-12-03 00:55 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\metadata
2013-11-26 13:49 - 2014-12-03 00:55 - 0033792 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\metadata\Synchronizer100
2013-11-26 13:49 - 2014-12-03 00:55 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\resources
2014-12-03 00:55 - 2014-12-03 00:55 - 0000000 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\resources\resource-18
2014-12-03 00:55 - 2014-12-03 00:55 - 0168429 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\resources\resource-19
2012-10-19 11:37 - 2012-10-19 11:37 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics
2012-10-19 11:37 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary
2013-06-27 20:44 - 2013-06-27 20:45 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all
2013-06-27 20:45 - 2013-06-27 20:45 - 0000000 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\added.txt
2013-06-27 20:45 - 2013-06-27 20:45 - 0000000 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\excluded.txt
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ara
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut
2013-06-27 20:44 - 2013-06-27 20:45 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng
2013-06-27 20:45 - 2013-06-27 20:45 - 0001024 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\added.clam
2013-06-27 20:45 - 2013-06-27 20:45 - 0000000 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\added.txt
2013-06-27 20:45 - 2013-06-27 20:45 - 0000000 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\exceptions.txt
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\heb
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd
2013-06-27 20:44 - 2013-06-27 20:44 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur
2014-03-19 18:39 - 2014-03-19 18:39 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Shockwave Player 12
2014-03-19 18:39 - 2014-03-19 18:43 - 0003996 _____ () C:\Users\Average Savage\AppData\LocalLow\Adobe\Shockwave Player 12\Shockwave Log
2014-03-19 18:39 - 2014-03-19 18:39 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Shockwave Player 12\DswMedia
2014-03-19 18:39 - 2014-03-19 18:39 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Shockwave Player 12\Prefs
2014-03-19 18:39 - 2014-03-19 18:39 - 0000000 ____D () C:\Users\Average Savage\AppData\LocalLow\Adobe\Shockwave Player 12\Prefs\2PUGWMAW

====== End of Folder: ======

EmptyTemp: => Removed 754.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:10:29 ====

 

 

Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Average Savage at 2015-01-07 12:04:17
Running from C:\Users\Average Savage\Desktop
Boot Mode: Normal

================== Search Registry: "Chrome" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\CfgWebBrowser3]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Shockwave 12\3rdptycode\DeclineCount\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\AppDataLow\Software\Adobe\Shockwave 12\3rdptycode\DeclineCount\Chrome]
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Chrome]
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Chromecast]
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Update]
"LastInstallerSuccessLaunchCmdLine"="C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Update\Clients\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}]
"name"="ChromecastApp"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Update\ClientState\{079EDE36-133D-44B0-8053-C7C1FA8D2E0D}]
"LastInstallerSuccessLaunchCmdLine"="C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\cef6191f_0]
""="{0.0.0.00000000}.{80e82ee8-d0fd-4ef4-8aea-b2931b4341c1}|\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"Inno Setup: App Path"="C:\Users\Average Savage\AppData\Local\Google\Chromecast"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"InstallLocation"="C:\Users\Average Savage\AppData\Local\Google\Chromecast\"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"Inno Setup: Icon Group"="Chromecast"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"DisplayName"="ChromecastApp"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"DisplayIcon"="C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"UninstallString"=""C:\Users\Average Savage\AppData\Local\Google\Chromecast\unins000.exe""
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"QuietUninstallString"=""C:\Users\Average Savage\AppData\Local\Google\Chromecast\unins000.exe" /SILENT"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"URLInfoAbout"="http://www.google.com/chromecast"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"HelpLink"="http://www.google.com/chromecast"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1]
"URLUpdateInfo"="http://www.google.com/chromecast"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"="ChromecastApp"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"="ChromecastApp"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"="ChromecastApp"
[HKEY_USERS\S-1-5-21-2731679655-819755991-414572229-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Average Savage\AppData\Local\Google\Chromecast\ChromecastApp.exe"="ChromecastApp"

====== End Of Search ======

 

 

Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Average Savage at 2015-01-07 12:04:36
Running from C:\Users\Average Savage\Desktop
Boot Mode: Normal

================== Search Files: "Chrome" =============

====== End Of Search ======

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/7/2015
Scan Time: 12:12:55 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.07.12
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Average Savage

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349288
Time Elapsed: 25 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, Quarantined, [772130c4b0d969cdebbb473641c2e11f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2731679655-819755991-414572229-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [aeea15df8dfc5dd98c922982d52ea858],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2731679655-819755991-414572229-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [e1b7b73dafdac86e062f1da43aca6d93],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2731679655-819755991-414572229-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0E1G1J1H, Quarantined, [e1b7b73dafdac86e062f1da43aca6d93]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Datamngr.A, C:\Users\Average Savage\AppData\LocalLow\DataMngr, Quarantined, [c8d0cd27612839fdea96ee4820e3ac54],

Files: 1
PUP.Optional.Datamngr.A, C:\Users\Average Savage\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, Quarantined, [c8d0cd27612839fdea96ee4820e3ac54],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#13
BrianDrab
Posted 08 January 2015 - 02:50 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem, thanks for coming back. I understand life can get in the way.

 

After you post the results of the ESET scan there's a final fix we need to do but because it's been a little while please provide the following fresh logs. I want to review a final time before our last fix. Thank you.

 

Step#1 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs

 

 


  • 0

#14
espeed
Posted 08 January 2015 - 03:32 PM

espeed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

OK, here are the results of the ESET.

 

 

 

C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\Multi\CT3312269\UninstallerUI.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Average Savage\AppData\Local\NativeMessaging\CT3312269\1_0_2_0\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\del_DM_DLL_nsa5585.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\del_DM_LL_nsa5585.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\del_IEBHO_nsa5585.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\del_mg_nsa5585.dll a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\x64\del_BHO_nsa5585.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\x64\del_DM_DLL_nsa5585.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\x64\del_DM_LL_nsa5585.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\x64\del_mg_nsa5585.dll a variant of Win64/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\habaikmcgnehdaefplmiephpkgojijob\habaikmcgnehdaefplmiephpkgojijob\h0.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx.xBAD a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc\230\kbTrG3Px.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog\210\obL.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj\10.33.0.5_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj\10.33.0.5_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmmfhnlekjcmmmlfkhmbhalnokjannj\10.33.0.5_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\Linkey\IEExtension\iedll.dll a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\TB\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\TB\APISupport\APISupport.old a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\TB\APISupport\MiniSP_1.0.3.3\MiniSP32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\tbccint\Chrome\CT3312269\CHUninstaller.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\tbccint\Chrome\CT3312269\UninstallerUI.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Local\tbccint\Community Alerts\Alert.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected]\content\bg.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default\Extensions\[email protected]\content\bg.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Average Savage\Downloads\FreeFileViewerSetup.exe.xBAD a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Average Savage\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy potentially unsafe application
 


  • 0

#15
espeed
Posted 08 January 2015 - 03:40 PM

espeed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

And here's the fresh set of logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Average Savage (administrator) on LAZLO on 08-01-2015 14:38:18
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [Google Update] => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-07] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-03] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\RunOnce: [Adobe Speed Launcher] => 1420503241
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default
FF DefaultSearchEngine: Google
FF Homepage: www.theonion.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U0 ushtqw; C:\Windows\System32\drivers\sarrhfq.sys [79064 2015-01-07] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 14:38 - 2015-01-08 14:38 - 00015478 _____ () C:\Users\Average Savage\Desktop\FRST.txt
2015-01-08 11:45 - 2015-01-08 11:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-07 13:06 - 2015-01-07 13:06 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\sarrhfq.sys
2015-01-07 12:12 - 2015-01-07 12:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 12:11 - 2015-01-07 12:11 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 12:11 - 2015-01-07 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 12:11 - 2015-01-07 12:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 12:11 - 2015-01-07 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 12:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 12:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 12:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 12:04 - 2015-01-07 12:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Average Savage\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-05 19:42 - 2015-01-05 19:42 - 00000000 ____D () C:\Users\Average Savage\Desktop\Photos to email
2015-01-05 17:08 - 2015-01-07 12:01 - 00000000 ____D () C:\Users\Average Savage\Desktop\FRST-OlderVersion
2014-12-30 15:35 - 2014-12-30 15:35 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-29 16:03 - 2014-12-29 16:03 - 05198336 _____ (AVAST Software) C:\Users\Average Savage\Desktop\aswMBR.exe
2014-12-29 15:55 - 2014-12-29 15:55 - 00000000 ____D () C:\windows\ERUNT
2014-12-29 15:50 - 2014-12-29 15:50 - 01707939 _____ (Thisisu) C:\Users\Average Savage\Desktop\JRT.exe
2014-12-28 14:16 - 2015-01-08 14:37 - 00000000 ____D () C:\Users\Average Savage\Desktop\Antivirus
2014-12-28 13:33 - 2014-12-28 13:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-27 18:58 - 2014-12-27 18:58 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-27 18:58 - 2014-12-27 18:58 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-27 18:57 - 2014-12-27 18:58 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-12-27 18:57 - 2014-12-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-27 16:24 - 2014-12-27 16:24 - 00004920 _____ () C:\Users\Average Savage\Downloads\fixlist.txt
2014-12-26 15:57 - 2015-01-08 14:38 - 00000000 ___DC () C:\FRST
2014-12-26 15:56 - 2015-01-07 12:01 - 02124288 ____C (Farbar) C:\Users\Average Savage\Desktop\FRST64.exe
2014-12-18 20:45 - 2014-12-18 20:45 - 00000000 __SHD () C:\Users\Average Savage\AppData\Local\EmieBrowserModeList
2014-12-18 02:26 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:26 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-10 03:57 - 2014-12-10 03:57 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 03:05 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 01:08 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 01:08 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 01:08 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 01:08 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 01:08 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 01:08 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 01:08 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 01:08 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:08 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 01:08 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 01:08 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 01:08 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 01:08 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 01:08 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 01:08 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 01:08 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 01:08 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 01:08 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 01:08 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 01:08 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 01:08 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 01:08 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 01:08 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 01:06 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 01:06 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 01:06 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 01:06 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 01:06 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 01:06 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 02:26 - 2014-12-26 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 13:58 - 2012-06-03 00:04 - 01339613 _____ () C:\windows\WindowsUpdate.log
2015-01-08 13:57 - 2012-06-03 00:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 13:51 - 2014-09-07 21:01 - 00000944 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job
2015-01-08 13:51 - 2012-10-03 17:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 13:24 - 2012-10-03 17:15 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2015-01-08 13:22 - 2012-10-04 13:13 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2015-01-08 13:20 - 2012-10-03 17:15 - 00003460 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2015-01-08 12:46 - 2009-07-13 22:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-07 23:59 - 2012-10-03 17:23 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 23:59 - 2012-10-03 17:15 - 00004278 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-01-07 23:59 - 2012-10-03 17:15 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-07 23:52 - 2014-09-07 21:01 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job
2015-01-05 17:21 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 17:21 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 17:15 - 2013-10-22 12:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-05 17:14 - 2012-06-03 00:41 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-05 17:13 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-05 17:13 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-05 17:12 - 2010-11-20 20:47 - 00218988 _____ () C:\windows\PFRO.log
2015-01-05 17:12 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-05 17:12 - 2009-07-13 21:51 - 00087347 _____ () C:\windows\setupact.log
2014-12-31 04:14 - 2010-11-20 20:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 15:55 - 2012-10-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 15:13 - 2012-11-19 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-29 15:13 - 2012-11-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-27 16:12 - 2012-10-13 17:54 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\SoftGrid Client
2014-12-26 19:57 - 2012-10-03 17:23 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\Google
2014-12-26 15:35 - 2013-09-07 00:57 - 00000000 ____D () C:\Users\Average Savage\Documents\UCDenver
2014-12-26 15:16 - 2014-04-03 00:27 - 00009216 ___SH () C:\Users\Average Savage\Downloads\Thumbs.db
2014-12-13 14:07 - 2013-11-20 18:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-13 14:07 - 2012-06-03 00:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 13:47 - 2012-10-03 17:12 - 00126136 _____ () C:\Users\Average Savage\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-10 03:57 - 2012-06-03 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 03:57 - 2012-06-03 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 03:57 - 2012-06-03 00:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 03:44 - 2012-10-03 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 03:24 - 2013-08-18 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:11 - 2012-10-04 13:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 12:29

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Average Savage at 2015-01-08 14:39:13
Running from C:\Users\Average Savage\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo Video Converter version  5.2.0.1 (HKLM-x32\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Becoming Human 1.0 (HKLM-x32\...\Becoming Human) (Version: 1.0 - Terra Incognita)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F91BF1B5-4213-440C-8539-C6EB2F1D1734}) (Version: 2.2.4000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

27-12-2014 16:29:40 Restore Point Created by FRST
28-12-2014 19:42:13 Windows Update
29-12-2014 15:10:46 Configured Microsoft Office Enterprise 2007
29-12-2014 15:33:05 Restore Point Created by FRST
29-12-2014 21:13:58 Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
01-01-2015 20:10:21 Windows Update
04-01-2015 20:34:57 Windows Update
05-01-2015 17:08:41 Restore Point Created by FRST
08-01-2015 00:13:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065A0E99-4221-41BB-A1D5-555AAB30385E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {0C8208D8-692C-4531-967C-168D408002BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {0C8F52A1-8C01-451A-A91F-01B6F2EC0C55} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {0E619A76-82E2-4450-AF60-7E482B42C96C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {2083FBB1-E4F4-4E9B-AEE3-90844634D4AC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {75266F56-36BE-4304-81BA-31E44CA256E4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {90B04579-7AAA-4BE9-A7F6-335FEE05E559} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2731679655-819755991-414572229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A90F1EE6-5AD9-4E64-882B-B2A1E3CB7339} - System32\Tasks\PCDoctorBackgroundMonitorTask => c:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {DD68D7A2-7C45-4C05-8C6D-E050BC714163} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {EEBB03A0-B95E-4B89-8A27-5555EC1623FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F942309D-2FF4-4ED4-B902-955344E401E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {FF5A1A52-DC1C-4EF7-90B7-A1F830B2E115} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => c:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2012-06-03 02:33 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 17:26 - 2011-06-27 17:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2012-06-03 00:42 - 2012-01-26 19:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-06-29 06:52 - 2011-06-29 06:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 13:52 - 2010-03-22 13:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 18:28 - 2010-03-16 18:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 21:20 - 2011-06-24 21:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 17:25 - 2011-06-27 17:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 21:21 - 2011-06-24 21:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 13:07 - 2010-03-05 13:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 17:52 - 2010-03-11 17:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-16 17:18 - 2014-10-16 17:18 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2012-06-03 00:13 - 2011-01-12 15:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2731679655-819755991-414572229-500 - Administrator - Disabled)
Average Savage (S-1-5-21-2731679655-819755991-414572229-1000 - Administrator - Enabled) => C:\Users\Average Savage
Guest (S-1-5-21-2731679655-819755991-414572229-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2731679655-819755991-414572229-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 00:33:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31185

Error: (01/08/2015 00:33:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31185

Error: (01/08/2015 00:33:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2015 00:32:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15632

Error: (01/08/2015 00:32:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15632

Error: (01/08/2015 00:32:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2015 03:57:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15413

Error: (01/08/2015 03:57:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15413

Error: (01/08/2015 03:57:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2015 11:52:03 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program WD Drive Manager Status because of this error.

Program: WD Drive Manager Status
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

System errors:
=============
Error: (01/06/2015 07:40:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (01/05/2015 05:15:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/29/2014 04:52:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The F06DEFF2-5B9C-490D-910F-35D3A91196222 service failed to start due to the following error:
%%2

Error: (12/29/2014 04:52:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SmdmF Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/29/2014 04:52:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SmdmF Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 47%
Total physical RAM: 4004.27 MB
Available physical RAM: 2086.51 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 5648.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:122.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7D6721EE)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP