I am infected with MPC cleaner. I can't find any files that are listed under that over files that have been listed in other forums to remove it. It pops up and now I can't use Amazon... and some other websites aren't working.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Owner (administrator) on DELL-PC (14-06-2016 19:58:02)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
( ) C:\WINDOWS\System32\dlcxcoms.exe
() C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\jnsm1296.tmp
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
() C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\hnsc284A.tmp
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
() C:\Users\Owner\AppData\Roaming\Gifavhg\Gifavhg.exe
() C:\Users\Owner\AppData\Roaming\Gifavhg\Toketh.exe
() C:\Users\Owner\AppData\Roaming\Gifavhg\Tuslamrer.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\vds.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Adobe Systems, Incorporated) C:\Users\Owner\Downloads\PhotoshopCS4Portable\PhotoshopCS4Portable\App\Photoshop\Photoshop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\knspEDDD.tmp
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-09-11] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [mcagent_exe] => C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [645328 2009-05-01] (McAfee, Inc.)
HKLM-x32\...\Run: [DellComms] => C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [Update] => C:\Users\Owner\AppData\Roaming\NUIns\NUIns.exe /runonce
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\Run: [Lync] => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\MountPoints2: {5296a2b7-238e-11e4-8bc9-002564ec3a74} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\...\MountPoints2: {ec1cbf1e-89e9-11e5-8528-002564ec3a74} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-02-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-02-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-10-07]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.15 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{82DD6FEB-A432-4E8D-A8CA-56B2C196CA74}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{82DD6FEB-A432-4E8D-A8CA-56B2C196CA74}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{B9D1C083-0FD1-4433-B72A-BE26C577BFB6}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{B9D1C083-0FD1-4433-B72A-BE26C577BFB6}: [DhcpNameServer] 192.168.1.15 8.8.8.8 4.2.2.2
Internet Explorer:
==================
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {B99B76B9-434A-4F0F-B78F-5B285D2591D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B99B76B9-434A-4F0F-B78F-5B285D2591D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {5D8973F4-EB47-47BD-8115-6C889A6DB71D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {5D8973F4-EB47-47BD-8115-6C889A6DB71D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2011494133-3271398465-1570858712-1000 -> DefaultScope {B99B76B9-434A-4F0F-B78F-5B285D2591D1} URL =
SearchScopes: HKU\S-1-5-21-2011494133-3271398465-1570858712-1000 -> {5D8973F4-EB47-47BD-8115-6C889A6DB71D} URL =
SearchScopes: HKU\S-1-5-21-2011494133-3271398465-1570858712-1000 -> {B99B76B9-434A-4F0F-B78F-5B285D2591D1} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll => No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-06-18] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL => No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-13] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2010-02-13] (Sun Microsystems, Inc.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [2009-06-18] (McAfee, Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-02-13] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2011494133-3271398465-1570858712-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttruip1d.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/?fr=befhp&type=ffhp-3.20-1510
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-02-13] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-03-17] ()
FF Plugin HKU\S-1-5-21-2011494133-3271398465-1570858712-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttruip1d.default\user.js [2016-05-18]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttruip1d.default\searchplugins\yahoo-with-coupons-by-befrugal.xml [2015-10-16]
FF Extension: BeFrugal Coupons Add-On - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttruip1d.default\extensions\[email protected] [2015-10-16]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Pin It Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-01-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [561152 2006-10-11] ( )
R2 dlcx_device; C:\Windows\SysWOW64\dlcxcoms.exe [532480 2006-10-11] ( ) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 dowidoly; C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\jnsm1296.tmp [244224 2016-05-18] () [File not signed]
R2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-05-01] (McAfee, Inc.)
R2 McNASvc; C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe [2482848 2009-04-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-04-09] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
R3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-06-16] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-18] (DotC United Inc)
R2 redynesozbt; C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\knspEDDD.tmp [388608 2016-06-14] () [File not signed]
R2 rijufoze; C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\hnsc284A.tmp [138240 2016-05-18] () [File not signed]
R2 Vhbuikne; C:\Users\Owner\AppData\Roaming\Gifavhg\Gifavhg.exe [170496 2016-05-18] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Anhkytal; "C:\Users\Owner\AppData\Roaming\LotcToivlan\Dejdeuti.exe" -cms [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-18] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-18] (DotC United Inc)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 19:58 - 2016-06-14 19:58 - 00023227 _____ C:\Users\Owner\Downloads\FRST.txt
2016-06-14 19:57 - 2016-06-14 19:58 - 00000000 ____D C:\FRST
2016-06-14 19:56 - 2016-06-14 19:57 - 02385920 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-06-14 19:08 - 2016-06-14 19:08 - 45134600 _____ C:\Users\Owner\Downloads\Firefox Setup 47.0.exe
2016-06-13 18:23 - 2016-06-13 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-06-12 18:23 - 2016-06-12 18:23 - 00052325 _____ C:\Users\Owner\Downloads\bow cutting.studio3
2016-06-12 17:17 - 2016-06-12 17:17 - 00098213 _____ C:\Users\Owner\Downloads\FLAT Final Logo_2.studio3
2016-06-12 17:17 - 2016-06-12 17:17 - 00068830 _____ C:\Users\Owner\Downloads\Untitled-2.studio3
2016-06-07 19:09 - 2016-06-07 19:09 - 00914030 _____ C:\Users\Owner\Downloads\line dance cowboy.studio3
2016-06-07 19:09 - 2016-06-07 19:09 - 00793782 _____ C:\Users\Owner\Downloads\cheer mom.studio3
2016-06-07 19:09 - 2016-06-07 19:09 - 00616145 _____ C:\Users\Owner\Downloads\ksa lg.studio3
2016-06-07 19:08 - 2016-06-12 17:17 - 00054410 _____ C:\Users\Owner\Downloads\ksa lg outline.studio3
2016-06-06 18:15 - 2016-06-06 18:15 - 00176449 _____ C:\Users\Owner\Downloads\TMNT-face (2).studio3
2016-06-06 18:15 - 2016-06-06 18:15 - 00176449 _____ C:\Users\Owner\Downloads\TMNT-face (1).studio3
2016-06-06 18:14 - 2016-06-06 18:14 - 00176449 _____ C:\Users\Owner\Downloads\TMNT-face.studio3
2016-05-31 19:59 - 2016-05-31 19:59 - 02020138 _____ C:\Users\Owner\Downloads\IMG_1430.jpeg
2016-05-20 18:10 - 2016-05-20 18:10 - 00194820 _____ C:\Users\Owner\Downloads\is an artist Pablo Picasso.studio3
2016-05-19 19:04 - 2016-06-13 18:23 - 00001691 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-05-18 19:41 - 2016-05-18 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MCorp
2016-05-18 19:41 - 2016-05-18 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-05-18 19:41 - 2016-05-18 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-05-18 19:41 - 2016-05-18 19:41 - 00000000 ____D C:\ProgramData\Adobe
2016-05-18 19:35 - 2016-05-18 19:35 - 00000000 ____D C:\Windows\system32\jaha
2016-05-18 19:34 - 2016-05-18 19:36 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-05-18 19:34 - 2016-05-18 19:34 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-05-18 19:34 - 2016-05-18 19:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Gifavhg
2016-05-18 19:34 - 2016-05-18 19:34 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Company
2016-05-18 19:34 - 2016-05-18 19:34 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-05-18 19:34 - 2016-05-18 19:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder
2016-05-18 19:34 - 2016-05-18 19:34 - 00000000 ____D C:\uninst
2016-05-18 19:34 - 2016-05-18 19:32 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-05-18 19:33 - 2016-06-14 19:52 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31
2016-05-18 19:31 - 2016-05-18 19:31 - 00188276 _____ C:\Users\Owner\Downloads\Adobe Lightroom 5.6 Portable Full Active Download (1).rar
2016-05-18 19:29 - 2016-05-18 19:29 - 00000000 ____D C:\Users\Owner\Downloads\Lightroom 5.0-Portable [64Bit]
2016-05-18 19:23 - 2016-05-18 19:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
2016-05-18 19:19 - 2016-05-19 19:04 - 00000000 ____D C:\Program Files\WinRAR
2016-05-18 19:19 - 2016-05-18 19:19 - 01992744 _____ C:\Users\Owner\Downloads\winrar-x64-531b1.exe
2016-05-18 19:19 - 2016-05-18 19:19 - 00188260 _____ C:\Users\Owner\Downloads\Adobe Lightroom 5.6 Portable Full Active Download.rar
2016-05-18 19:12 - 2016-05-18 19:12 - 00004044 _____ C:\Windows\System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00
2016-05-18 19:12 - 2016-05-18 19:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickCleaner
2016-05-18 19:12 - 2016-05-18 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\WINTUNEPRO
2016-05-18 19:12 - 2016-05-18 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\QuickCleaner
2016-05-18 19:11 - 2016-05-18 19:11 - 40064174 _____ C:\Users\Owner\Downloads\PhotoshopLightroom-5.6.exe
2016-05-18 19:07 - 2016-05-18 19:07 - 41622722 _____ C:\Users\Owner\Downloads\Lightroom 5.0-Portable [64Bit].rar
2016-05-18 18:58 - 2016-05-18 18:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe-BackupByPhotoshopPortable
2016-05-18 18:58 - 2016-05-18 18:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe-BackupByPhotoshopPortable
2016-05-18 18:58 - 2016-05-18 18:58 - 00000000 ____D C:\ProgramData\Adobe-BackupByPhotoshopPortable
2016-05-18 17:06 - 2016-05-18 19:34 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 19:53 - 2013-12-04 20:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2016-06-14 19:43 - 2013-12-25 21:03 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-06-14 19:43 - 2010-02-13 16:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-14 19:43 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-14 19:42 - 2014-06-23 16:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\CoffeeCup Software
2016-06-14 19:37 - 2013-10-08 13:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 19:37 - 2013-10-08 13:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 19:23 - 2014-05-07 19:58 - 00000792 ____H C:\Windows\system32\RICOH AficioSG3110DN RPCS-R.CAC
2016-06-14 19:21 - 2015-11-02 16:49 - 00000000 _____ C:\Users\Owner\Documents\SG_Local_2
2016-06-14 19:17 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-14 19:17 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-14 19:08 - 2013-10-08 12:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-14 19:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 19:00 - 2010-02-13 18:11 - 00000000 ____D C:\dell
2016-06-13 18:29 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 18:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-13 18:26 - 2014-04-27 17:19 - 00000000 ___RD C:\Users\Owner\Google Drive
2016-06-13 18:23 - 2013-10-07 13:17 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftThinks
2016-06-13 18:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-08 20:31 - 2013-10-08 13:39 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 20:31 - 2013-10-08 13:39 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 19:09 - 2014-04-04 22:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2016-06-01 19:10 - 2014-04-24 21:44 - 00002004 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-06-01 19:10 - 2014-04-24 21:44 - 00002002 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-06-01 19:10 - 2014-04-24 21:44 - 00001992 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-06-01 19:10 - 2014-04-24 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-26 03:01 - 2015-04-07 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 03:01 - 2015-04-07 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-20 18:09 - 2014-08-20 18:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-18 19:41 - 2010-02-13 16:40 - 00000000 ____D C:\ProgramData\WildTangent
==================== Files in the root of some directories =======
2014-04-24 21:29 - 2014-04-25 03:24 - 6000640 _____ () C:\Program Files (x86)\GUT4A4B.tmp
2013-11-01 23:53 - 2016-04-25 19:21 - 0006420 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2015-05-18 17:35 - 2015-05-18 17:35 - 0893239 _____ () C:\Users\Owner\AppData\Local\a.zip
2015-05-18 17:35 - 2015-05-18 17:35 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
2014-06-10 18:40 - 2014-06-10 18:40 - 0000000 _____ () C:\Users\Owner\AppData\Local\{A9117753-CD11-4AEB-891E-3EE351C19723}
2013-12-04 20:31 - 2013-12-04 20:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-21 20:43 - 2014-08-21 20:43 - 5921910 _____ () C:\ProgramData\SPL79E4.tmp
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\EBU33EF.exe
C:\Users\Owner\AppData\Local\Temp\EBU451E.DLL
C:\Users\Owner\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Owner\AppData\Local\Temp\installerdll494355546.dll
C:\Users\Owner\AppData\Local\Temp\installerdll494363159.dll
C:\Users\Owner\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe
C:\Users\Owner\AppData\Local\Temp\Setup.exe
C:\Users\Owner\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Owner\AppData\Local\Temp\vcredist.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Owner\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2013-10-08 12:50] - [2013-10-08 12:50] - 0357888 ____A (Microsoft Corporation) 3E5637A4699931E6000E81422C8A7DCA
C:\Windows\SysWOW64\dnsapi.dll
[2013-10-08 12:50] - [2013-10-08 12:50] - 0270336 ____A (Microsoft Corporation) 8066F590803F7A847483ED20ADB44AB4
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-12 14:30
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Owner (2016-06-14 19:59:15)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-07 18:16:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2011494133-3271398465-1570858712-500 - Administrator - Disabled)
Guest (S-1-5-21-2011494133-3271398465-1570858712-501 - Limited - Disabled)
Owner (S-1-5-21-2011494133-3271398465-1570858712-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee VirusScan (Enabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0031 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version: - Dell, Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PowerDriver-v4 SG3110DN (US) (HKLM\...\PowerDriver-v4 SG3110DN (US)) (Version: v4.2.1.937 - Sawgrass Technologies, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Silhouette Studio (HKLM-x32\...\{BBF0A6BB-0E33-4FB9-A5B2-62908C9236F8}) (Version: 3.3.638 - Silhouette America)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.28.84 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2E998362-1957-4642-9A95-0B2E49F6A3E6} - System32\Tasks\{EBC1E064-B27A-4529-8CAF-B1E55AEFDF57} => pcalua.exe -a C:\dell\drivers\R150575\Setup.exe -d C:\dell\drivers\R150575
Task: {3100AB08-DC9F-4775-896C-AD94E0E97E81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {35985458-4BBC-4AEE-8276-8611CC802CBE} - System32\Tasks\{45716EDC-F6A5-4966-AA83-0CFDDE466D68} => pcalua.exe -a C:\dell\drivers\R146832\Setup.exe -d C:\dell\drivers\R146832
Task: {3E9C7A86-88DD-469C-9694-42554A1CE5A2} - System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00 => C:\Users\Owner\AppData\Roaming\QuickCleaner\QuickCleaner.exe [2016-05-18] () <==== ATTENTION
Task: {450FC2F7-E6D3-4BA3-B4EF-BA973869D53E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {67B72D04-5E03-4941-BB0F-AF16D377D392} - System32\Tasks\{61CE6A40-6C15-4C6F-B604-BD6CCCE9EEC3} => Firefox.exe
Task: {A007CBF0-55B4-4696-87E3-6265AF27477D} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B057A714-534D-4733-8D6E-681FF4CA7176} - System32\Tasks\{90001D1C-E173-458F-85CD-7561E927A2AE} => Firefox.exe
Task: {CB87F3AD-E8D3-4FC8-BB2C-B26B87FC2B3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D9885922-3BD3-42C7-95B6-E15DDD09985D} - System32\Tasks\avast! Emergency Update
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-08-21 19:53 - 2006-10-20 00:39 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcxdrpp.dll
2015-03-09 12:47 - 2015-03-09 12:47 - 00388096 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\SG_XML_v4.dll
2016-05-18 19:34 - 2016-05-18 19:34 - 00244224 _____ () C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\jnsm1296.tmp
2016-05-18 17:04 - 2016-05-18 17:04 - 00668672 _____ () C:\Users\Owner\AppData\Roaming\Gifavhg\Tuslamrer.dll
2016-05-18 19:34 - 2016-05-18 19:34 - 00138240 _____ () C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\hnsc284A.tmp
2016-05-18 17:04 - 2016-05-18 17:04 - 00170496 _____ () C:\Users\Owner\AppData\Roaming\Gifavhg\Gifavhg.exe
2016-05-18 17:04 - 2016-05-18 17:04 - 00112128 _____ () C:\Users\Owner\AppData\Roaming\Gifavhg\Toketh.exe
2016-05-18 17:04 - 2016-05-18 17:04 - 00143872 _____ () C:\Users\Owner\AppData\Roaming\Gifavhg\Tuslamrer.exe
2010-02-13 16:43 - 2009-09-17 14:06 - 00410864 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2014-08-21 19:53 - 2007-01-12 11:57 - 00292336 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
2014-08-21 19:53 - 2006-11-03 17:04 - 00304008 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
2016-05-11 03:55 - 2016-05-11 03:55 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\f662ab6ce54fe3aac1af05bfaa02bb90\VistaBridgeLibrary.ni.dll
2009-09-11 13:07 - 2009-09-11 13:07 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2016-06-14 18:42 - 2016-06-14 18:42 - 00388608 _____ () C:\Program Files (x86)\4C4C4544-1463618029-3910-8053-B9C04F4E4C31\knspEDDD.tmp
2010-02-13 16:42 - 2009-09-17 14:04 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-02-13 16:42 - 2009-09-17 14:05 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2016-05-18 17:04 - 2016-05-18 17:04 - 00258560 _____ () C:\Users\Owner\AppData\Roaming\Gifavhg\Toketh.dll
2010-02-13 16:42 - 2009-09-17 14:04 - 01123568 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-02-13 16:42 - 2009-09-17 14:05 - 00079088 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-02-13 16:42 - 2009-09-17 14:05 - 00234736 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-02-13 16:42 - 2009-09-17 14:05 - 00074992 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-02-13 16:42 - 2009-09-17 14:05 - 00111856 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-02-13 16:42 - 2009-09-17 14:05 - 00121072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2014-08-21 19:53 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll
2014-08-21 19:53 - 2006-09-06 05:13 - 00073728 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxcfg.dll
2009-09-11 13:08 - 2009-09-11 13:08 - 00268016 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 13:05 - 2009-09-11 13:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-09-11 13:08 - 2009-09-11 13:08 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-09-11 13:08 - 2009-09-11 13:08 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-08-21 11:57 - 2009-08-21 11:57 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2009-10-15 04:10 - 2009-10-15 04:10 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-09-28 01:52 - 2009-09-28 01:52 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2016-06-13 18:24 - 2016-06-13 18:24 - 00098816 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32api.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00110080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\pywintypes27.dll
2016-06-13 18:24 - 2016-06-13 18:24 - 00364544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\pythoncom27.dll
2016-06-13 18:24 - 2016-06-13 18:24 - 00320512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32com.shell.shell.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00776704 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_hashlib.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 01176576 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._core_.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00806400 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._gdi_.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00816128 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._windows_.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 01067008 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._controls_.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00733184 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._misc_.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00682496 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\pysqlite2._sqlite.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_ctypes.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00119808 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32file.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00108544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32security.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00007168 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\hashobjs_ext.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00017920 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\thumbnails_ext.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\usb_ext.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00012288 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\common.time34.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00018432 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32event.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00167936 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32gui.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00046080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_socket.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 01208320 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_ssl.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00128512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_elementtree.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00127488 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\pyexpat.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00038912 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32inet.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00036864 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_psutil_windows.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00525208 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\windows._lib_cacheinvalidation.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00011264 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32crypt.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00077312 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._html2.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00027136 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_multiprocessing.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00020480 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\_yappi.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00035840 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32process.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00686080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\unicodedata.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00078848 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._animate.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00123392 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\wx._wizard.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00024064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32pipe.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00010240 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\select.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00025600 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32pdh.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00017408 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32profile.pyd
2016-06-13 18:24 - 2016-06-13 18:24 - 00022528 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI39722\win32ts.pyd
2016-06-08 20:31 - 2016-06-03 20:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 20:31 - 2016-06-03 20:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2008-09-18 18:24 - 2014-11-10 21:53 - 00424960 _____ () C:\Users\Owner\Downloads\PhotoshopCS4Portable\PhotoshopCS4Portable\App\Photoshop\AdobeXMP.dll
2008-09-18 18:38 - 2014-11-10 21:53 - 00049152 _____ () C:\Users\Owner\Downloads\PhotoshopCS4Portable\PhotoshopCS4Portable\App\Photoshop\QuickTimeGlue.dll
2014-08-21 19:53 - 2006-09-22 06:42 - 00065536 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxcaps.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-05-18 19:32 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2011494133-3271398465-1570858712-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{ACF03C22-7B9A-4B88-876F-958F41FC1DDB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{1E383491-05CA-4EE8-A5C1-1639898E1446}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{36FAD28F-83A3-4EDD-87B3-1EC81E510542}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B5123A38-06B2-47EF-86B6-71B7474A6DBC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2ADAD5A2-C674-42DC-ADBD-9C16F81CC099}] => (Allow) svchost.exe
FirewallRules: [{8315AC1B-E8C3-4D31-9134-7112CA96D253}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A8677778-7117-4CB6-B551-087629EE825E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{D82ABBE3-884C-444B-B841-EF0D2DE7D7BD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{18FAADDD-80A8-4EA3-8DFD-C0E6C5F37B9B}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EDE15EF5-D694-4FA1-A341-CBA1A9474201}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F1F3CCA-34C4-4078-B0A7-72BA2481C714}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9C09CAE2-C268-45D6-B4EB-11D2756B411B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{51D723FA-1786-490B-B061-F65719ADC1C4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{CEAC6B2A-10F9-44CA-8DF8-F54910E1BA8A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A8739F26-135A-4BB6-AB39-3FD407B807E9}] => (Allow) C:\WINDOWS\SysWOW64\dlcxcoms.exe
FirewallRules: [{9A1E9565-D5E4-4994-A5E2-F7906B27C5CD}] => (Allow) C:\WINDOWS\SysWOW64\dlcxcoms.exe
FirewallRules: [{80EAC2E9-7653-4D27-A480-A2B902AB0D4A}] => (Allow) C:\WINDOWS\System32\dlcxcoms.exe
FirewallRules: [{5F5CE3ED-B8B3-4487-9E88-5C0885B2A337}] => (Allow) C:\WINDOWS\System32\dlcxcoms.exe
FirewallRules: [{8DA95C38-0C13-414E-BFA1-362442E82E88}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{8C11FB18-E7DD-4113-9114-1CCCDC245387}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{23DB37CC-87AE-4C35-91F7-9C4C18D2EBA7}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{E509DAE9-A988-4DC7-96D9-9049979B9A5E}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{6A05C65B-7B16-455E-A4E5-FA34B05E3EF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCF9C4E7-4055-4654-B895-949F90313802}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61D4D8E8-61A1-4959-A971-BEF094B0CD93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3AE47E1-1AF5-46AC-A7CD-73EB97EC8CC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7FCBDE6-22B6-4A7B-853A-9FD253DE5828}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
20-05-2016 17:06:00 Scheduled Checkpoint
26-05-2016 03:00:29 Windows Update
04-06-2016 10:24:20 Scheduled Checkpoint
12-06-2016 14:37:40 Scheduled Checkpoint
14-06-2016 19:40:18 Removed The Sims 3 Late Night
14-06-2016 19:43:18 Removed The Sims 3 Master Suite Stuff
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/14/2016 07:53:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (06/14/2016 07:53:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (05/22/2016 03:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.2.8, time stamp: 0x555a2d93
Faulting module name: hpz3rlhn.dll, version: 61.53.25.9, time stamp: 0x4538229b
Exception code: 0xc0000005
Fault offset: 0x0000000000028b05
Faulting process id: 0x1998
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
Error: (05/22/2016 02:19:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.2.8, time stamp: 0x555a2d93
Faulting module name: hpz3rlhn.dll, version: 61.53.25.9, time stamp: 0x4538229b
Exception code: 0xc0000005
Fault offset: 0x0000000000028b05
Faulting process id: 0x1608
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
Error: (05/18/2016 07:35:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vnsmB87C.tmp, version: 0.0.0.0, time stamp: 0x4f47e2e9
Faulting module name: System.dll, version: 0.0.0.0, time stamp: 0x4f47e2c7
Exception code: 0xc0000005
Fault offset: 0x000018cb
Faulting process id: 0x13a0
Faulting application start time: 0xvnsmB87C.tmp0
Faulting application path: vnsmB87C.tmp1
Faulting module path: vnsmB87C.tmp2
Report Id: vnsmB87C.tmp3
Error: (05/18/2016 07:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/18/2016 07:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/03/2016 06:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Silhouette Studio.exe, version: 3.3.638.279, time stamp: 0x50d4fc89
Faulting module name: RBGUIFramework.dll, version: 0.0.0.0, time stamp: 0x50d4fccb
Exception code: 0xc0000005
Fault offset: 0x000b3d36
Faulting process id: 0xfe8
Faulting application start time: 0xSilhouette Studio.exe0
Faulting application path: Silhouette Studio.exe1
Faulting module path: Silhouette Studio.exe2
Report Id: Silhouette Studio.exe3
Error: (04/03/2016 02:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.2.8, time stamp: 0x555a2d93
Faulting module name: hpz3rlhn.dll, version: 61.53.25.9, time stamp: 0x4538229b
Exception code: 0xc0000005
Fault offset: 0x0000000000028b05
Faulting process id: 0x18c4
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
Error: (04/03/2016 02:55:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.2.8, time stamp: 0x555a2d93
Faulting module name: hpz3rlhn.dll, version: 61.53.25.9, time stamp: 0x4538229b
Exception code: 0xc0000005
Fault offset: 0x0000000000028b05
Faulting process id: 0xd44
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
System errors:
=============
Error: (06/14/2016 06:19:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/14/2016 06:18:44 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/14/2016 06:18:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/14/2016 06:17:44 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/13/2016 06:30:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/13/2016 06:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/13/2016 06:29:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/13/2016 06:29:37 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (06/13/2016 06:24:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/13/2016 06:23:55 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
==================== Memory info ===========================
Processor: Intel® Core i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8119.12 MB
Available physical RAM: 4925.5 MB
Total Virtual: 16236.42 MB
Available Virtual: 12095 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:792.25 GB) NTFS
Drive d: (Boudoir 2015 LJ) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:3.63 GB) (Free:2.47 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D31092E5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.8 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 3.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================