Hello,
My computer is infected with the SlimCleaner Plus tool. Malwarebytes software won't get rid of it and it opens by itself every time I start my computer. I have tried uninstalling it from the Control Panel to no avail.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Jason (administrator) on JASONSPC on 10-05-2015 17:26:04
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason & Guest)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165056 2014-11-17] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\MountPoints2: {341b1e8f-799d-11de-b766-0018390f34c7} - H:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-04-14]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-07-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-07-22]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-11-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser 미디어 검사 도구.lnk [2009-08-06]
ShortcutTarget: Picture Motion Browser 미디어 검사 도구.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-4116279430-165223371-606681180-1000 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> {AA1B71EF-39AD-425F-8AAD-3E55E5494F98} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-08] (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Jason\Documents\CKKeyPro_Installer_Multi.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.hotmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [2014-08-24] (SoftForum Co., Ltd.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\user.js [2014-09-08]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-03-30] (Apple Inc.)
FF SearchPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\searchplugins\mywebsearch.xml [2011-01-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-09]
FF Extension: YouTube mp3 - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\Extensions\[email protected] [2014-11-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Firefox\Extensions: [{FCB5AF80-B719-49EE-9BD3-89D3E5B648AF}] - C:\Users\Jason\AppData\Local\{FCB5AF80-B719-49EE-9BD3-89D3E5B648AF}
FF HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-23]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-11-17] (SlimWare Utilities, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 JRSKD24; C:\Windows\system32\JRSKD24.SYS [21304 2014-08-24] (SoftForum Corporation)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [12728 2014-08-24] (SoftForum Corporation)
S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2014-08-24] (Kings Information & Network)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-10 17:26 - 2015-05-10 17:26 - 00017832 _____ () C:\Users\Jason\Desktop\FRST.txt
2015-05-10 17:24 - 2015-05-10 17:26 - 00000000 ____D () C:\FRST
2015-05-10 17:24 - 2015-05-10 17:24 - 01141248 _____ (Farbar) C:\Users\Jason\Desktop\FRST.exe
2015-05-10 15:55 - 2015-05-10 15:55 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 14:37 - 2015-04-23 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-14 23:20 - 2015-03-08 18:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-04 19:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:09 - 2015-03-13 19:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:09 - 2015-03-12 18:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-14 23:09 - 2015-03-12 18:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:09 - 2015-03-04 19:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:09 - 2015-03-04 19:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:51 - 2015-03-09 16:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:51 - 2015-03-09 16:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 22:51 - 2015-03-09 16:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:51 - 2015-03-09 16:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:51 - 2015-03-09 15:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:51 - 2015-03-09 15:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 22:51 - 2015-03-09 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 22:51 - 2015-03-09 15:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 22:51 - 2015-03-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 22:51 - 2015-03-09 15:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-10 17:23 - 2006-11-02 05:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 17:23 - 2006-11-02 05:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 17:10 - 2012-04-11 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-10 16:17 - 2009-07-07 20:10 - 01525048 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 15:56 - 2014-08-14 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 15:55 - 2014-08-14 18:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-10 15:52 - 2014-12-07 06:52 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job
2015-05-07 09:19 - 2011-06-23 14:55 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2015-04-28 21:35 - 2006-11-02 05:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 21:34 - 2012-04-25 16:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-28 21:33 - 2006-11-02 05:58 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-22 02:25 - 2011-03-02 00:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Windows Live
2015-04-15 00:11 - 2012-04-11 12:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 00:11 - 2011-05-22 23:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 00:09 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-14 23:20 - 2013-07-13 09:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 23:11 - 2006-11-02 03:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 23:10 - 2009-07-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 23:08 - 2006-11-02 03:33 - 00763092 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 09:37 - 2014-08-14 18:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-08-14 18:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2010-12-21 22:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2009-07-22 23:38 - 2009-07-22 23:38 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\wklnhst.dat
2010-09-25 21:51 - 2015-02-22 17:49 - 0000680 _____ () C:\Users\Jason\AppData\Local\d3d9caps.dat
2009-07-22 23:48 - 2010-01-10 20:41 - 0004608 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-24 02:16 - 2011-01-31 16:25 - 0000120 _____ () C:\Users\Jason\AppData\Local\Gdinovoxa.dat
2011-01-24 02:16 - 2011-01-31 02:30 - 0000000 _____ () C:\Users\Jason\AppData\Local\Wtipejivulu.bin
2011-01-31 07:13 - 2011-01-31 16:31 - 0000512 _____ () C:\ProgramData\cyFWUUQY
2011-01-24 02:17 - 2011-01-31 04:10 - 0000520 _____ () C:\ProgramData\gcR7HTP4OWq0
2009-07-25 22:30 - 2014-08-24 16:33 - 0001215 _____ () C:\ProgramData\hpzinstall.log
2011-01-24 02:17 - 2011-01-31 07:47 - 0000272 _____ () C:\ProgramData\~gcR7HTP4OWq0
2011-01-24 02:17 - 2011-01-24 02:17 - 0000168 _____ () C:\ProgramData\~gcR7HTP4OWq0r
Files to move or delete:
====================
C:\Users\Jason\OJJ5700_Basic_8.exe
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\autorun.dll
C:\Users\Jason\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Jason\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Jason\AppData\Local\Temp\install_flashplayer11x32_mssa_aih.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-29 09:42
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Jason at 2015-05-10 17:27:12
Running from C:\Users\Jason\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4116279430-165223371-606681180-500 - Administrator - Disabled)
Guest (S-1-5-21-4116279430-165223371-606681180-501 - Limited - Enabled) => C:\Users\Guest
Jason (S-1-5-21-4116279430-165223371-606681180-1000 - Administrator - Enabled) => C:\Users\Jason
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ClientKeeper KeyPro with E2E for 32bit (HKLM\...\XecureCK) (Version: - SoftForum Co. Ltd.)
Compact Wireless-G USB Network Adapter with SpeedBooster (HKLM\...\{65563451-00B6-458C-9F9A-03A7757355A6}) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Enterprise (Version: 50.0.165.000 - Hewlett-Packard) Hidden
HP Officejet All-In-One Series (HKLM\...\{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}) (Version: 1.0 - HP)
HP Officejet J5700 AiO Series Corporate Edition 8.0 (HKLM\...\{8AFE6E90-060E-4774-861B-2408299A357C}) (Version: 1.0 - HP)
HP Support Solutions Framework (HKLM\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Java 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - )
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SlimCleaner Plus (HKLM\...\{367ADFA6-09FD-43D8-94D7-C205EC9383DD}) (Version: 1.0.25242 - SlimWare Utilities, Inc.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.01.12110 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4116279430-165223371-606681180-1000_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
==================== Restore Points =========================
31-03-2015 02:17:25 Windows Update
31-03-2015 23:42:49 Scheduled Checkpoint
03-04-2015 12:27:21 Scheduled Checkpoint
03-04-2015 21:37:57 Windows Update
05-04-2015 21:15:41 Scheduled Checkpoint
06-04-2015 13:10:28 Scheduled Checkpoint
06-04-2015 23:05:01 Windows Update
08-04-2015 14:05:47 Scheduled Checkpoint
09-04-2015 22:28:00 Scheduled Checkpoint
10-04-2015 02:00:25 Windows Update
11-04-2015 01:01:23 Scheduled Checkpoint
11-04-2015 15:30:05 Scheduled Checkpoint
14-04-2015 00:19:18 Windows Update
14-04-2015 13:10:43 Scheduled Checkpoint
14-04-2015 23:02:55 Windows Update
19-04-2015 15:22:01 Scheduled Checkpoint
21-04-2015 15:45:14 Windows Update
27-04-2015 23:30:57 Windows Update
29-04-2015 15:00:39 Scheduled Checkpoint
01-05-2015 14:34:10 Windows Update
05-05-2015 02:22:05 Windows Update
08-05-2015 19:57:08 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-06-23 18:44 - 2012-06-23 18:44 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02F62845-79AE-424E-AD40-80A0B8CDB5E6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Jason) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-11-17] (SlimWare Utilities, Inc.)
Task: {71F67AD8-7686-49E3-877D-191FEF69FD9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {95D3CED1-88FE-4437-8722-86A4A315E307} - System32\Tasks\{EEC36302-84C6-457D-AB1C-8C0C58D512B8} => pcalua.exe -a F:\setup.exe -d F:\
Task: {96F20077-BFA0-45F4-A712-AD8B01A26FF1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jason => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{8260AB58-C28E-427B-9F80-5C0C8EFB9375}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) ==============
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\2d0d6a3fb1ef094ef224bb8adbcf8f33\VistaBridgeLibrary.ni.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll
2009-04-09 14:29 - 2009-04-09 14:29 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-03 16:51 - 2009-11-03 16:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-11-17 13:57 - 2014-11-17 13:57 - 00671040 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2015-04-15 00:11 - 2015-04-15 00:11 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7173 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1 - 184.16.33.54
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{A60F9C66-CABD-4866-B5E9-39781E880CEB}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{A36DF11D-6F79-4A45-84EE-94771D86C504}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{9FB34426-F81A-4F25-8CBC-E3619B965072}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8D8035D1-C1E5-4610-A11A-93C949CA5220}] => (Allow) svchost.exe
FirewallRules: [{E9F5691B-486B-4EF8-8678-33ABAEA22DD8}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{5E03F668-4309-4B3D-8F04-7A3FF0349C56}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C79F6227-8C01-4840-AD96-97ADCBF78F0A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5CCE2860-7B86-4037-BEF6-E1F5D671C90F}] => (Allow) LPort=80
FirewallRules: [{CCA14EA5-1C5F-42A7-95C0-71E779E72E83}] => (Allow) LPort=80
FirewallRules: [{45F40409-7D0C-4562-BC8A-C64AEC8F8C2C}] => (Allow) LPort=80
FirewallRules: [{C57A48C4-3C70-4BAA-A05B-D3E16A25B3A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD53B55C-53E2-4A34-840D-7BCC1E6F88DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB3396F5-12D1-4D18-BE35-B48074F32FA0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{832BCA91-09A3-4376-972A-5A25D1B56149}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0E9240AB-4BB2-4BCE-BDDF-8094273EEC1A}] => (Allow) LPort=2869
FirewallRules: [{BE54C1CF-0019-426F-BD29-BDB49A27CBCE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D40F1E72-C1D0-41DC-9B52-020B985C3D4C}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D40EA6CF-6B34-455D-8E1E-E8F1CF4B967A}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{E54CB611-28C8-4347-AD04-0B56B5205411}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{77CEDC2E-B211-4FE0-97FC-DF012519E75C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6557DD1A-AEC1-455E-86FE-EBD6D24ECAF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (05/09/2015 10:53:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16162
Error: (05/09/2015 10:53:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16162
Error: (05/09/2015 10:53:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/09/2015 03:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17300
Error: (05/09/2015 03:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17300
Error: (05/09/2015 03:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/08/2015 08:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33743
Error: (05/08/2015 08:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33743
Error: (05/08/2015 08:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/08/2015 08:28:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17472
System errors:
=============
Error: (05/10/2015 03:54:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000slsvc
Error: (05/09/2015 03:01:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000slsvc
Error: (05/09/2015 02:59:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000LanmanWorkstation
Error: (05/07/2015 07:27:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
Error: (05/07/2015 01:55:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (05/06/2015 00:47:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000slsvc
Error: (05/05/2015 06:32:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (05/05/2015 02:22:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Volume Shadow Copy%%1053
Error: (05/05/2015 02:22:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Volume Shadow Copy
Error: (05/05/2015 02:22:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-05-10 17:27:03.105
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:27:01.732
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:27:00.578
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:59.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:57.816
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:56.568
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:55.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:54.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:23.918
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-05-10 17:26:22.077
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU 450 @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 2012.32 MB
Available physical RAM: 590.5 MB
Total Pagefile: 4269.88 MB
Available Pagefile: 2350.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.41 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:198.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1E341BB4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================