TechSpot

Hi

By JohnOlgin
Sep 23, 2015
  1. My computer isnt working entirly, can you assist me? when I go to explorer half the time it won't load pages and my home page is not right. mozilla is the same way until I reload the page multiple times.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by Marie (administrator) on ADMIN-PC (23-09-2015 13:55:16)
    Running from C:\Users\Marie\Desktop
    Loaded Profiles: RA Media Server & Marie (Available Profiles: RA Media Server & Marie & Gilbert & John & Lancee & Mcx1)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    () C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    (Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    (SingleClick Systems) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    (Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
    (Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    () C:\Program Files\ShrewSoft\VPN Client\iked.exe
    () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
    () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Dropbox, Inc.) C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Oracle Corporation) C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe
    (Oracle Corporation) C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Farbar) C:\Users\Marie\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)
    HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [718248 2015-02-11] (McAfee, Inc.)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [3634024 2009-10-01] (AOL LLC)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77528 2015-05-16] (Intuit Inc.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [Dropbox Update] => C:\Users\Marie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [GoogleChromeAutoLaunch_ECA2AE7F16B251F2BD57F2916F5A3FE9] => C:\Users\Marie\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    Startup: C:\Users\Admin`\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-05-16]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-05-07]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-05-27]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-05-19]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-05-17]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Lancee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-05-17]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-03-01]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-22]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-04-04]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-20]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-16]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0EB5217B-D408-480B-B834-370FD866A684}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68}: [NameServer] 170.65.228.4,170.65.232.77

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {1B977252-65EC-DFCB-E752-794A37822658} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {B06422FF-7A69-44E1-BFE5-E991BFEC709C} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {f629d4d6-d9d2-4d72-b61c-34223be78085} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> DefaultScope {1D5FE508-68AA-4C39-AFF3-AD1A6A0A313B} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US636D20131020&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> {1D5FE508-68AA-4C39-AFF3-AD1A6A0A313B} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US636D20131020&p={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-17] (McAfee, Inc.)
    Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-04-15] (SAP, Walldorf)
    Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-04-15] (SAP, Walldorf)
    Filter: application/octet-stream - No CLSID Value
    Filter: application/x-complus - No CLSID Value
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-03-03] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
    Filter: application/x-msdownload - No CLSID Value

    FireFox:
    ========
    FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_33&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByE0EzztDtA0AtDyByByDyEtAtAtN0D0Tzu0StCtAtBtAtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DtD0AtCtCyB0FtGyDtAyE0AtGyEtB0BtAtGtByC0AtBtGtC0DyDyEyC0A0FtByCyC0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtByDyEtA0DyBtAtG0BtD0EzytGyEyE0FzztGzyzz0AtBtGtDyByCyE0Dzy0EtBtDtD0E0C2QtN0A0LzutB%26cr%3D1026606081%26a%3Dwncy_ir_15_33%26os%3DWindows%2B(TM)%2BVista%2BHome%2BPremium
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
    FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-20] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-20] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @nsroblox.roblox.com/launcher -> C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll [2012-12-18] ( Roblox Corporation)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/O1DPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-06-13] (Google)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/O3DPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-12-20] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-12-20] (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
     
  2. JohnOlgin

    JohnOlgin TS Rookie Topic Starter

    FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-06-13] (Google)
    FF Extension: WOT - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-11]
    FF Extension: Set Search Settings - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\{b54cc223-b03f-4f2f-8cab-347ec67ab3fe} [2015-08-15]
    FF Extension: Pin It button - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\pinterest@robertnyman.com.xpi [2014-06-20]
    FF Extension: Word Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net [2015-08-29]
    FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-08-29]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-17]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-16]
    FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-20]
    FF HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Firefox\Extensions: [{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}] - C:\Users\Marie\AppData\Local\{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-10-20]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-10-20]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 0302021441826465mcinstcleanup; C:\Windows\TEMP\030202~1.EXE [883024 2015-05-04] (McAfee, Inc.)
    R2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-07] (BitRaider, LLC)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
    R2 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
    R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2010-02-14] (Arainia Solutions) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127224 2013-04-23] ()
    R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-04-23] ()
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-08-17] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [752232 2015-03-03] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [605472 2015-02-27] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2010-02-14] (Arainia Solutions LLC)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [153600 2010-12-15] (HTC Corporation)
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [146312 2009-02-13] (NCP Engineering GmbH)
    R1 omci; C:\Windows\System32\DRIVERS\omci.sys [26112 2008-08-21] (Dell Inc.)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-07] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-04-19] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2007-04-19] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-04-19] (LG Electronics Inc.)
    S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
    S3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-04-02] (Check Point Software Technologies)
    S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2009-04-02] (Check Point Software Technologies)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-23 13:49 - 2015-09-23 13:54 - 00000000 ____D C:\Users\Marie\Desktop\Desktop Crap
    2015-09-23 13:09 - 2015-09-23 13:09 - 02192384 _____ (Farbar) C:\Users\Marie\Desktop\FRST64(1).exe
    2015-09-20 08:14 - 2015-09-20 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f3b76397d20.job
    2015-09-20 08:14 - 2015-09-20 08:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f3b76397d20
    2015-09-15 15:52 - 2015-09-15 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-09-09 03:21 - 2015-07-10 07:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-09-09 03:21 - 2015-07-10 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-09-09 03:10 - 2015-09-02 14:26 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-09-09 03:10 - 2015-09-02 14:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-09-09 03:10 - 2015-09-02 14:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-09-09 03:10 - 2015-09-02 14:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-09-09 03:10 - 2015-08-13 07:36 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2015-09-09 03:10 - 2015-08-13 07:36 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2015-09-09 03:00 - 2015-09-02 14:26 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-09-09 03:00 - 2015-09-02 14:25 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-09-09 03:00 - 2015-09-02 13:17 - 02797056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-09-09 03:00 - 2015-09-02 13:16 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-09-09 03:00 - 2015-09-02 12:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-09-09 03:00 - 2015-08-05 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-09-08 19:00 - 2015-08-17 10:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-09-08 19:00 - 2015-08-17 10:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-09-08 19:00 - 2015-08-17 10:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-09-08 19:00 - 2015-08-17 10:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-09-08 19:00 - 2015-08-17 10:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-09-08 19:00 - 2015-08-17 10:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-09-08 19:00 - 2015-08-17 10:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-09-08 19:00 - 2015-08-17 10:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-09-08 19:00 - 2015-08-17 10:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-09-08 19:00 - 2015-08-17 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-09-08 19:00 - 2015-08-17 10:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-09-08 19:00 - 2015-08-17 10:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-09-08 19:00 - 2015-08-17 10:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-09-08 19:00 - 2015-08-17 10:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-09-08 19:00 - 2015-08-17 10:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-09-08 19:00 - 2015-08-17 10:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-09-08 19:00 - 2015-08-17 10:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-09-08 19:00 - 2015-08-17 10:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-09-08 19:00 - 2015-08-17 10:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-09-08 19:00 - 2015-08-17 10:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-09-08 19:00 - 2015-08-17 10:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-09-08 19:00 - 2015-08-17 10:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-09-08 19:00 - 2015-08-17 10:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-09-08 19:00 - 2015-08-17 10:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-09-01 16:51 - 2015-09-01 16:51 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-08-29 09:09 - 2015-09-23 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-23 13:55 - 2015-03-07 19:26 - 00043487 _____ C:\Users\Marie\Desktop\FRST.txt
    2015-09-23 13:55 - 2015-03-07 19:25 - 00000000 ____D C:\FRST
    2015-09-23 13:44 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-23 13:44 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-23 12:59 - 2009-05-07 11:02 - 02062857 _____ C:\Windows\WindowsUpdate.log
    2015-09-21 11:42 - 2014-03-11 13:43 - 00000000 ____D C:\Users\Marie\AppData\Local\CrashDumps
    2015-09-20 18:42 - 2009-05-19 20:06 - 00000422 ____H C:\Windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job
    2015-09-20 18:21 - 2014-11-14 01:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job
    2015-09-20 18:19 - 2015-02-05 06:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job
    2015-09-20 18:16 - 2014-05-08 00:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job
    2015-09-20 17:59 - 2015-08-15 22:59 - 00000270 _____ C:\Windows\Tasks\UpdateTask.job
    2015-09-20 17:58 - 2012-04-11 07:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-09-20 17:46 - 2015-07-18 10:41 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2355649138-3362126530-1860452381-1002UA1d0c180f30ad0db.job
    2015-09-20 16:20 - 2015-01-19 15:52 - 00000844 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-09-20 16:20 - 2010-02-13 20:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-09-20 10:46 - 2015-06-21 11:35 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2355649138-3362126530-1860452381-1002Core.job
    2015-09-20 08:19 - 2014-06-21 09:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job
    2015-09-20 08:14 - 2015-02-05 06:16 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0
    2015-09-20 08:14 - 2014-06-21 09:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500
    2015-09-20 08:13 - 2011-06-03 11:32 - 00003686 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E20016A9-FAB2-47E1-AB21-0D7A8DF34D7A}
    2015-09-18 16:29 - 2012-02-13 22:03 - 00000000 ____D C:\Users\Marie\Documents\Rentals
    2015-09-17 14:02 - 2009-05-26 09:36 - 00000000 ____D C:\Users\Marie\Documents\Quicken
    2015-09-14 20:45 - 2013-09-14 22:19 - 00000000 ____D C:\Users\Marie\AppData\Roaming\.technic
    2015-09-09 12:21 - 2013-10-20 13:47 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-09-09 12:06 - 2015-05-16 10:21 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-09-09 12:06 - 2015-05-16 10:21 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-09-09 11:16 - 2011-04-21 15:29 - 00000000 ___RD C:\Users\Marie\Dropbox
    2015-09-09 11:16 - 2011-04-21 15:10 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Dropbox
    2015-09-09 11:14 - 2015-06-27 10:59 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-09-09 11:14 - 2015-06-27 10:59 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-09-09 04:00 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
    2015-09-09 03:46 - 2006-11-02 08:07 - 00000000 ___RD C:\Users\Public\Recorded TV
    2015-09-09 03:44 - 2009-05-16 20:41 - 00000000 ____D C:\ProgramData\TEMP
    2015-09-09 03:43 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-09 03:43 - 2006-11-02 08:21 - 00482280 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-09 03:41 - 2014-04-02 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-09-09 03:41 - 2013-04-27 21:39 - 00793516 _____ C:\Windows\PFRO.log
    2015-09-09 03:40 - 2006-11-02 08:42 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-09-09 03:39 - 2009-05-07 11:02 - 00002140 _____ C:\Windows\bthservsdp.dat
    2015-09-09 03:39 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-09 03:39 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-09-09 03:23 - 2009-06-01 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-09-09 03:20 - 2013-08-15 03:04 - 00000000 ____D C:\Windows\system32\MRT
    2015-09-03 22:31 - 2010-03-20 18:12 - 00000000 ____D C:\Users\Mcx1
    2015-09-03 22:31 - 2009-05-17 17:26 - 00000000 ____D C:\Users\Lancee
    2015-09-03 00:59 - 2015-08-15 23:59 - 00000136 _____ C:\Users\Marie\AppData\Roaming\WB.CFG
    2015-08-29 00:14 - 2009-05-26 09:32 - 00000000 ____D C:\ProgramData\Intuit
    2015-08-26 18:37 - 2006-11-02 05:35 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

    ==================== Files in the root of some directories =======

    2015-03-10 18:46 - 2015-03-24 18:41 - 0000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
    2015-08-15 23:59 - 2015-09-03 00:59 - 0000136 _____ () C:\Users\Marie\AppData\Roaming\WB.CFG
    2015-08-15 23:00 - 2015-08-15 23:00 - 0196224 _____ () C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2015-08-15 23:00 - 2015-08-15 23:00 - 0000002 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt
    2015-08-15 23:00 - 2015-08-15 23:03 - 0281070 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt
    2015-08-15 23:01 - 2015-08-15 23:03 - 2797912 _____ () C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI3E7A.txt
    2015-08-15 23:00 - 2015-08-15 23:03 - 0016966 _____ () C:\Users\Marie\AppData\Local\uxeventlog.txt

    Some files in TEMP:
    ====================
    C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfqq0b1.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-09-23 06:02

    ==================== End of FRST.txt ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    [​IMG] You're not saying what your computer issues are.

    [​IMG] I still need Addition.txt log from FRST.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Reopened.
     
  5. JohnOlgin

    JohnOlgin TS Rookie Topic Starter

    This is not the first time this application has run on my computer. Addition.txt didn't get created. How do I make it create that? The problems on my computer seem to be a fake search engine which prevents my home page from loading and lots of random popups. and pages don't load the first time, I have to refresh multiple times to make the page finally load.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Re-run FRST.
    Make sure you checkmark Addition.txt box so both logs will be produced.
     
  7. JohnOlgin

    JohnOlgin TS Rookie Topic Starter

    Ok I did that what should I do next?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I need to see Addition.txt log.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No need to PM me.
    I receive email notifications about your replies.
    However I'm not here 24/7 so you have to be patient.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...