Inactive-A FRST txt

Status
Not open for further replies.
uber_beetle

uber_beetle

Posts: 91   +0
This is part one... the forum will not let me post the whole thing - apparently there's over 50000 characters.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by blackie (administrator) on BLACKIE-PC (04-10-2015 14:36:59)
Running from C:\Users\blackie\Downloads
Loaded Profiles: blackie (Available Profiles: blackie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(DigiData Corp.) C:\Program Files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(DigiData) C:\Program Files (x86)\Verizon\Verizon Online Backup and Sharing for PC\DigiData.Host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(FGAG) C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-11-12] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe [17408 2013-06-01] (DigiData Corp.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [Google Update] => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-07] (Google Inc.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [GoogleChromeAutoLaunch_48A58E948FBE881A0A956C71AD0A097C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~3\264878~1\bit71c5.tmp => No File
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-09-17]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-06-09]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17941E5A-442D-41F6-A63C-BF3EB16B5E33}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{17941E5A-442D-41F6-A63C-BF3EB16B5E33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{437B70CD-ADAD-49FF-B824-F59269156CE8}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{53BD5BA6-6CBB-45D9-B383-1DB577A39A65}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{53BD5BA6-6CBB-45D9-B383-1DB577A39A65}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2882855-F1EC-4A59-A79E-329B4B78F7FC}: [NameServer] 199.203.131.145,82.163.143.167

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> DefaultScope {E9F0A92A-9A7C-42B3-8103-B6144473DA1E} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US756D20140917&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> {13F2BE50-5EC5-4187-95CD-A2F95AD7ED03} URL =
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> {E9F0A92A-9A7C-42B3-8103-B6144473DA1E} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US756D20140917&p={searchTerms}
BHO: EnojoyCouppoin -> {0170af4d-cefd-4bfb-8680-9fa0f3775dd3} -> C:\Program Files (x86)\EnojoyCouppoin\9PQdFU2bLxsjUE.x64.dll No File
BHO: EnjOOyCoupon -> {1A41D1EA-6290-49B1-AB31-401D228E2F4F} -> C:\Program Files (x86)\EnjOOyCoupon\BEEIHt3LCZpQgG.x64.dll No File
BHO: 50CoUpOns -> {82F96EAC-0AEB-4C38-BB02-559085E5760D} -> C:\Program Files (x86)\50CoUpOns\v9aHGptg83lZ21.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: ExstraCOupoon -> {EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE} -> C:\Program Files (x86)\ExstraCOupoon\bsGpVOKllDXMVE.x64.dll No File
BHO-x32: EnjOOyCoupon -> {1A41D1EA-6290-49B1-AB31-401D228E2F4F} -> C:\Program Files (x86)\EnjOOyCoupon\BEEIHt3LCZpQgG.dll No File
BHO-x32: 50CoUpOns -> {82F96EAC-0AEB-4C38-BB02-559085E5760D} -> C:\Program Files (x86)\50CoUpOns\v9aHGptg83lZ21.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: ExstraCOupoon -> {EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE} -> C:\Program Files (x86)\ExstraCOupoon\bsGpVOKllDXMVE.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @citrixonline.com/appdetectorplugin -> C:\Users\blackie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @talk.google.com/O1DPlugin -> C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @talk.google.com/O3DPlugin -> C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @tools.google.com/Google Update;version=3 -> C:\Users\blackie\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @tools.google.com/Google Update;version=9 -> C:\Users\blackie\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\blackie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\blackie\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin ProgramFiles/Appdata: C:\Users\blackie\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-22]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPEC1B809F-CE26-4AC6-BC35-9F716494E205&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://searchy.easylifeapp.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adfbpongjnbjgbnjlahkoekcfnfjnnfa [2015-08-01]
CHR Extension: (SiteAdvisor) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-13]
CHR Extension: (IIsaveeer) - C:\ProgramData\gnndakognfbfbaanooocbnjkfbfkgiff\ []
CHR Extension: (EnjOOyCoupon) - C:\ProgramData\peigbjnlgpaalgplkgoolglmdpbjnmim\ []
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-22]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0304891443141054mcinstcleanup; C:\Windows\TEMP\030489~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-07-15] (SafeNet Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-15] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 UniversalCommunicationServer; C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [90112 2008-10-24] (FGAG) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-11-12] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-03-15] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-06] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-07-15] (SafeNet Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-06-17] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 14:35 - 2015-10-04 14:36 - 00033572 _____ C:\Users\blackie\Downloads\Addition.txt
2015-10-04 14:34 - 2015-10-04 14:36 - 00028703 _____ C:\Users\blackie\Downloads\FRST.txt
2015-10-04 14:33 - 2015-10-04 14:37 - 00000000 ____D C:\FRST
2015-10-04 14:33 - 2015-10-04 14:33 - 02193920 _____ (Farbar) C:\Users\blackie\Downloads\FRST64.exe
2015-10-04 13:13 - 2015-10-04 13:13 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-04 13:13 - 2015-10-04 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-04 13:12 - 2015-10-04 14:17 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 13:12 - 2015-10-04 13:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-04 13:12 - 2015-10-04 13:12 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-04 13:12 - 2015-10-04 13:12 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-29 14:21 - 2015-09-29 14:21 - 06122021 _____ C:\Users\blackie\Downloads\SquareMonogram.zip
2015-09-29 14:21 - 2015-09-29 14:21 - 04100944 _____ C:\Users\blackie\Downloads\fancymononew.zip
2015-09-23 09:20 - 2015-09-23 09:20 - 00002361 _____ C:\Users\blackie\Uninstall-VzInHomeAgentlog.log
2015-09-23 09:17 - 2015-09-23 09:17 - 00042330 _____ C:\RPSetup.exe.log
2015-09-15 11:25 - 2015-09-15 11:25 - 00000000 ____D C:\Users\blackie\Downloads\PUMPKIN_5X7 (2)
2015-09-15 11:24 - 2015-09-15 11:24 - 00305131 _____ C:\Users\blackie\Downloads\PUMPKIN_5X7 (2).zip
2015-09-15 11:21 - 2015-09-15 11:21 - 00305131 _____ C:\Users\blackie\Downloads\PUMPKIN_5X7 (1).zip
2015-09-13 19:44 - 2015-09-13 19:44 - 00000000 ____D C:\Users\blackie\Downloads\Archive
2015-09-13 19:42 - 2015-09-13 19:42 - 00108803 _____ C:\Users\blackie\Downloads\Archive.zip
2015-09-13 19:36 - 2015-09-13 19:36 - 00000000 ____D C:\Users\blackie\Downloads\New folder (2)
2015-09-13 19:32 - 2015-09-13 19:32 - 00000000 ____D C:\Users\blackie\Downloads\New folder
2015-09-13 19:24 - 2015-09-13 19:24 - 00000000 ____D C:\Users\blackie\Downloads\sslongenecker_3933111_Page1
2015-09-13 19:24 - 2015-09-13 19:24 - 00000000 ____D C:\Users\blackie\Downloads\Olaf
2015-09-13 19:22 - 2015-09-13 19:22 - 04480319 _____ C:\Users\blackie\Downloads\Olaf.zip
2015-09-13 19:22 - 2015-09-13 19:22 - 00026190 _____ C:\Users\blackie\Downloads\sslongenecker_3933111_Page1.zip
2015-09-11 19:06 - 2015-09-11 19:06 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-11 19:06 - 2015-09-11 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 16:42 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 16:42 - 2015-08-15 02:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 16:42 - 2015-08-15 02:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 16:42 - 2015-08-15 02:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 16:42 - 2015-08-15 01:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 16:42 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 16:42 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 16:42 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 16:42 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 16:42 - 2015-08-15 01:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 16:42 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 16:42 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 16:42 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 16:42 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 16:42 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 16:42 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 16:42 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 16:42 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 16:42 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 16:41 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 16:41 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 16:41 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 16:41 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 16:41 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 16:41 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 16:41 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 16:41 - 2015-08-17 21:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 16:41 - 2015-08-15 02:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 16:41 - 2015-08-15 02:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 16:41 - 2015-08-15 02:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 16:41 - 2015-08-15 02:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 16:41 - 2015-08-15 02:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 16:41 - 2015-08-15 02:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 16:41 - 2015-08-15 02:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 16:41 - 2015-08-15 02:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 16:41 - 2015-08-15 02:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 16:41 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 16:41 - 2015-08-15 02:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 16:41 - 2015-08-15 02:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 16:41 - 2015-08-15 02:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 16:41 - 2015-08-15 02:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 16:41 - 2015-08-15 02:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 16:41 - 2015-08-15 01:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 16:41 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 16:41 - 2015-08-15 01:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 16:41 - 2015-08-15 01:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 16:41 - 2015-08-15 01:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 16:41 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 16:41 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 16:41 - 2015-08-15 01:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 16:41 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 16:41 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 16:41 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 16:41 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 16:41 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 16:41 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 16:41 - 2015-08-15 01:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 16:41 - 2015-08-15 01:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 16:41 - 2015-08-15 01:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 16:41 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 16:41 - 2015-08-15 01:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 16:41 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 16:41 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 16:41 - 2015-08-15 01:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 16:41 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 16:41 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 16:41 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 16:41 - 2015-08-15 00:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 16:41 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 16:41 - 2015-08-15 00:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 16:41 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 16:41 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 16:41 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 16:41 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 16:41 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 16:41 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 16:41 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 16:41 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 16:41 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 16:41 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 16:40 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 16:40 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 16:40 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 16:40 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 16:40 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 16:40 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 14:25 - 2015-09-09 14:25 - 00003172 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2015-09-09 12:12 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 12:12 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 12:12 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 12:12 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 12:12 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 12:12 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 12:12 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 12:12 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 12:12 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 12:12 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 12:12 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 12:12 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 12:12 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 12:12 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 12:12 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 12:12 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 12:12 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 12:12 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 12:12 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 12:12 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 12:12 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 12:12 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 12:12 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 12:12 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 12:12 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 12:12 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 12:12 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 12:12 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 12:12 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 12:12 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 12:12 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 12:12 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 12:12 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 12:12 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 12:12 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 12:12 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 12:12 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 12:12 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 12:12 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 12:12 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 12:12 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 12:12 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 14:28 - 2013-06-07 18:40 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA.job
2015-10-04 14:28 - 2013-06-07 18:40 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core.job
2015-10-04 13:13 - 2013-06-08 06:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-04 13:12 - 2013-06-07 18:40 - 00000000 ____D C:\Users\blackie\AppData\Local\Deployment
2015-10-04 13:09 - 2013-05-29 09:20 - 01263183 _____ C:\Windows\WindowsUpdate.log
2015-10-04 12:46 - 2011-02-10 12:10 - 00808800 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-04 12:46 - 2009-07-14 01:13 - 00808800 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-04 12:19 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-04 12:19 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 11:23 - 2013-06-08 11:08 - 00000000 ____D C:\Users\blackie\AppData\Roaming\PCDr
2015-10-04 11:20 - 2015-06-23 10:47 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-10-04 11:04 - 2015-08-20 17:04 - 00000344 _____ C:\Windows\Tasks\Superclean.job
2015-10-04 10:09 - 2013-07-29 21:29 - 00000000 ____D C:\Users\blackie\AppData\Local\Windows Live
2015-10-04 09:37 - 2015-06-16 08:21 - 00000000 ____D C:\Program Files (x86)\Nutritious Video
2015-10-04 09:13 - 2015-08-01 00:35 - 00000000 ____D C:\ProgramData\peigbjnlgpaalgplkgoolglmdpbjnmim
2015-10-04 09:13 - 2015-05-04 19:19 - 00000000 ____D C:\Program Files (x86)\DigiiCuoUpOn
2015-10-04 09:13 - 2014-12-05 10:02 - 00000000 ____D C:\ProgramData\2648787957
2015-10-04 09:06 - 2013-08-06 18:51 - 00000000 ____D C:\Users\blackie\AppData\Roaming\Skype
2015-09-30 10:23 - 2013-06-07 17:27 - 00000000 ____D C:\My Designs
2015-09-29 13:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-29 11:28 - 2014-02-08 09:15 - 00000000 ____D C:\Users\blackie\AppData\Local\CrashDumps
2015-09-23 10:34 - 2015-08-20 17:10 - 00003260 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-23 09:21 - 2014-09-17 09:49 - 00000000 ____D C:\Users\blackie\AppData\Local\Citrix
2015-09-23 09:20 - 2014-09-15 21:52 - 00000000 ____D C:\Users\blackie\AppData\Roaming\Verizon
2015-09-23 09:20 - 2014-09-15 20:09 - 00000000 ____D C:\Program Files (x86)\Verizon
2015-09-23 09:20 - 2013-06-09 19:08 - 00000000 ____D C:\ProgramData\McAfee
2015-09-23 09:20 - 2013-06-07 14:50 - 00000000 ____D C:\Users\blackie
2015-09-23 09:18 - 2013-05-29 07:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-23 09:17 - 2013-05-29 08:03 - 00042330 _____ C:\Windows\RPSETUP.EXE.LOG
2015-09-23 09:14 - 2015-08-20 17:04 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-09-23 09:13 - 2014-09-15 21:52 - 00000000 __RSD C:\Users\blackie\Documents\McAfee Vaults
2015-09-23 09:10 - 2013-05-29 08:16 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-23 09:10 - 2013-05-29 08:16 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-23 09:08 - 2010-11-20 23:47 - 01268456 _____ C:\Windows\PFRO.log
2015-09-23 09:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-23 09:08 - 2009-07-14 00:51 - 00056686 _____ C:\Windows\setupact.log
2015-09-11 19:06 - 2013-08-06 18:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-11 19:06 - 2013-08-06 18:51 - 00000000 ____D C:\ProgramData\Skype
2015-09-10 03:41 - 2009-07-14 00:45 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 03:37 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 03:18 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 16:18 - 2015-08-27 07:52 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-09 11:25 - 2015-06-01 14:54 - 00000024 _____ C:\Users\blackie\AppData\Roaming\appdataFr25.bin

==================== Files in the root of some directories =======

2014-09-17 10:17 - 2014-09-17 10:17 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-12-05 16:01 - 2014-12-05 16:01 - 0000004 _____ () C:\Users\blackie\AppData\Roaming\appdataFr2.bin
2015-06-01 14:54 - 2015-09-09 11:25 - 0000024 _____ () C:\Users\blackie\AppData\Roaming\appdataFr25.bin
2015-02-04 13:07 - 2015-05-19 09:22 - 0000020 _____ () C:\Users\blackie\AppData\Roaming\appdataFr3.bin
2014-02-18 22:26 - 2015-02-15 12:38 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\blackie\MetricCollection.dll


Some files in TEMP:
====================
C:\Users\blackie\AppData\Local\Temp\supoptsetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-29 12:55

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by blackie (2015-10-04 14:37:44)
Running from C:\Users\blackie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-07 18:50:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2877198976-1275888466-3969009621-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2877198976-1275888466-3969009621-1004 - Limited - Enabled)
blackie (S-1-5-21-2877198976-1275888466-3969009621-1001 - Administrator - Enabled) => C:\Users\blackie
Guest (S-1-5-21-2877198976-1275888466-3969009621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2877198976-1275888466-3969009621-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

50CoUpOns (HKLM-x32\...\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}) (Version: - "") <==== ATTENTION
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
BERNINA Embroidery Software 5.0X (HKLM-x32\...\{1919D96B-79F5-465E-8D81-1C22C9A7CD57}) (Version: 5.0.0087 - BERNINA)
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.1.2 - BERNINA)
BitSaver (HKLM-x32\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version: - "") <==== ATTENTION
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DigiiCuoUpOn (HKLM-x32\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version: - "") <==== ATTENTION
DNS Unlocker version 1.3 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.3 - www.vidcreek.tv) <==== ATTENTION
DuownSAve (HKLM-x32\...\{AF992111-52BE-832B-5882-8477E4A3C99A}) (Version: - "") <==== ATTENTION
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.58 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Embroidery Software (x32 Version: 5.0.0035 - BERNINA) Hidden
ExstraCOupoon (HKLM-x32\...\{98449C67-C7AF-BB53-112D-26C916814611}) (Version: - "") <==== ATTENTION
ExstraSavings (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version: - "") <==== ATTENTION
FindBeosttDeal (HKLM-x32\...\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}) (Version: - "") <==== ATTENTION
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Fun22SAve (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - "") <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Happy2Saave (HKLM-x32\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version: - "") <==== ATTENTION
HtmmLCeHeccker (HKLM-x32\...\{27412C31-A850-073A-86A4-6D97ACAECFA6}) (Version: - HtmlCHeickeur) <==== ATTENTION
IHA_MessageCenter (HKLM-x32\...\{C3300989-DAF5-4F3A-81FF-404729267C0B}) (Version: 2.0.63 - Verizon)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiNimumPriice (HKLM-x32\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version: - "") <==== ATTENTION
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
RaNdomPiRice (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - "") <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
ReeGularDeals (HKLM-x32\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version: - "") <==== ATTENTION
RioboSavaer (HKLM-x32\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
ShopDrrop (HKLM-x32\...\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}) (Version: - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
TheAdBlock (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - TheAdBlock) <==== ATTENTION
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Verizon Internet Security Suite Multi-Device (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
Verizon Online Backup and Sharing for PC (HKLM-x32\...\{00CBEAB1-3FF4-4A94-AA71-237297D75526}) (Version: 5.1.24.11 - Verizon)
Verizon Online Share Drive (HKLM-x32\...\{62DE5981-F09F-49F5-9991-3C26DA81D740}) (Version: 2.1.41 - Verizon)
Video Converter Bundle (HKLM-x32\...\Video Converter Bundle) (Version: 1.0.0.0 - Video Converter Bundle)
VzDownloadManager (HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WasteNoTime (HKLM-x32\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version: - "") <==== ATTENTION
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
Windows Driver Package - Broadcom (BcmVWL) Net (10/21/2011 6.20.55.1) (HKLM\...\D3D5243E35F0E912D4EBC814E30F950D23D4C15B) (Version: 10/21/2011 6.20.55.1 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-09-2015 15:05:16 Windows Update
09-09-2015 16:44:46 Windows Update
10-09-2015 03:00:22 Windows Update
23-09-2015 09:17:11 Removed Dell DataSafe Local Backup
04-10-2015 12:38:58 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F99084A-5800-456E-9809-B1F4557CC0B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2705C588-C182-4817-9A28-A2E6E1BCE995} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04] (Google Inc.)
Task: {2C61FF8D-28A9-4503-922C-D584A70776AA} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {430BD47D-0F2F-4973-BFC3-BC43B2BB8AB2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {44580823-D961-4D1F-B33F-B39C9BF984F8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {7489F433-EDA8-4A01-9629-2DF2058ABC1D} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {854F8F45-C4B5-452D-8A60-479B3C29E587} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {86F0DE56-9132-42E9-B1E5-985842526FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {960DEF9F-91A0-49A0-8847-62A68BA21047} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {A208D740-29B0-40F3-9332-B649C35EC2A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04] (Google Inc.)
Task: {B3BB99EA-7AB8-4B2C-B310-EB310B5F398C} - System32\Tasks\{928C353B-8F60-4122-A664-76CCAA08FD0C} => pcalua.exe -a C:\Users\blackie\AppData\Local\Temp\Temp1_BERNINAV5ServicePack3.zip\BERNINA_V5.0x_SP3.exe
Task: {B92528B9-ED10-4B87-B991-A0AC5372E9BF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {BDB585D0-BB89-46C5-A48F-CE6089CB3C4C} - System32\Tasks\DNSKINGSTON => C:\Program Files (x86)\DNS Unlocker\dnskingston.exe
Task: {C6623204-835F-4902-8318-B4CA204FD66D} - System32\Tasks\Superclean => c:\programdata\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\hqghumeaylnlf.exe [2014-08-20] (Super PC Tools Ltd) <==== ATTENTION
Task: {E8E5A5C2-A1B4-4933-A844-798930B3B31D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {F8293033-C79D-44E1-A7EE-796DB144D354} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {FE112C8E-645C-4CBC-8F8B-7615E43A0CF8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core.job => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA.job => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\hqghumeaylnlf.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-06-01 03:21 - 2013-06-01 03:21 - 02467328 _____ () C:\Program Files (x86)\Verizon\Verizon Online Share Drive\DigiData.Vault.VaultExplorer.dll
2014-09-15 20:16 - 2014-09-15 20:16 - 00024576 _____ () C:\Windows\assembly\GAC_MSIL\DigiData.Vault.MTOM\1.0.4.0__1446c3ed161a622b\DigiData.Vault.MTOM.dll
2013-06-01 03:21 - 2013-06-01 03:21 - 00003584 _____ () C:\Program Files (x86)\Verizon\Verizon Online Share Drive\LogicNP.PropSheetExtensionHelper_x64.dll
2013-05-29 08:47 - 2012-10-16 06:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-23 10:46 - 2015-05-19 21:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-06-23 10:46 - 2015-05-19 21:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2013-05-29 07:50 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-10-04 13:13 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-04 13:13 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-04 13:13 - 2015-09-23 22:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\blackie\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\blackie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.145 - 82.163.143.167
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3BA5DE49-E252-46CB-9A40-75A7335034AC}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{4CFE4055-5CE9-4C5B-A1F2-F4A5D248CE4B}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{1C7D9723-12C2-4FE2-B63A-8DF00864FA5B}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDSendToExplorer.exe
FirewallRules: [{CCE63760-B5CB-4F72-B436-34AECD6ADAD1}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDSendToExplorer.exe
FirewallRules: [{01C04F14-8BE4-4365-A7E0-E4317B4FCCC9}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{B335C8BF-9240-4760-BFA6-A7D354360180}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{A1122A76-9871-45DF-B76A-DE8A17196B3E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B0B63C77-8203-4AED-A31B-70EFA1B6BD97}] => (Allow) LPort=2869
FirewallRules: [{68A186E7-0C69-4D2A-A266-5AD5BA35FF98}] => (Allow) LPort=1900
FirewallRules: [{A6096596-50D2-4DEC-BB52-4B81F428485C}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{F4B2F478-4377-4026-A37E-4399C15F5CDB}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{3F8F31F1-AB80-4799-820A-C7645F03152F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D8D9C48D-F4C4-4ECA-9DA9-3EA3B85E6CD2}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{EF54B964-0994-4E98-824D-1AA8A3B19458}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{27BF318F-FC09-424E-86C1-7FBD0068C4ED}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{059F65EC-86B0-43C1-8E0A-F13F49A3DF1B}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E14C5AEB-8756-41A4-A7E7-3E4FA08980BE}] => (Allow) LPort=50000
FirewallRules: [{12EF9473-9BB4-49DC-8F70-AE3B0E9851DE}] => (Allow) C:\Users\blackie\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{08B8C363-80D5-49FD-8C41-43218ACC6ED5}] => (Allow) C:\Users\blackie\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{4382AD19-C04F-4FB8-9034-B075A1266179}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{002D7E99-A02B-4178-9D29-CED05AA50D9B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{37C8CECF-18B7-4AA1-9597-0CF770DEC0AD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{89500882-5AEE-4030-8867-62C6C9BCDF7E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2A29FBB2-25D1-4791-B103-0EA4B9132AB9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E06B82E2-776B-4577-9AD4-4DA48692E245}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{22535498-1D67-4ECF-84CE-9B12335A3FD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4BCADB09-AFF7-45D1-B433-85A6BD2D2A22}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5311B9A1-021A-4E01-B4B0-1F0463B01A0E}] => (Allow) LPort=50001
FirewallRules: [{A3F31C1D-B86D-4BE1-AC87-1309274A8797}] => (Allow) LPort=50000
FirewallRules: [{458D16BA-5780-466D-8E0E-9A3AC1B09A07}] => (Allow) LPort=50001
FirewallRules: [{206C4FAF-E254-426D-8459-9CF8F5BEDEEA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2015 11:23:39 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (10/01/2015 11:37:21 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/30/2015 11:18:04 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/29/2015 11:27:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x24b8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (09/29/2015 11:13:15 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/29/2015 08:16:56 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/26/2015 08:35:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x2a74
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (09/25/2015 12:29:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/24/2015 12:27:46 PM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/23/2015 01:33:57 PM) (Source: UniversalCommunicationServer) (EventID: 0) (User: )
Description: Universal Communication Server Terminating: True
reason: System.UnhandledExceptionEventArgs
Stack: TraceEnvironment.XTrace+AssertionFailedException: unexpected message length 4
at TraceEnvironment.XTrace.Assert(Boolean aCondition, String aFormat, Object[] aObjects)
at UniversalCommunicationServer.ServerConnection.stateConnectedOnServerDataReceived(evServerDataReceived aEvent)
at MultiThreading.Reactive.MainLoop()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (10/04/2015 12:37:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}

Error: (10/04/2015 08:08:54 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/04/2015 06:06:55 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/04/2015 04:04:54 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/04/2015 02:02:52 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/04/2015 12:00:55 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/03/2015 09:58:52 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/03/2015 07:56:52 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/03/2015 05:52:59 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/02/2015 11:47:57 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.


CodeIntegrity:
===================================
Date: 2015-08-13 11:57:53.937
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.927
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.917
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.907
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.827
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.817
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.817
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.797
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.707
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.697
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 71%
Total physical RAM: 3971.36 MB
Available physical RAM: 1121.81 MB
Total Virtual: 7940.91 MB
Available Virtual: 4181.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:353.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 05CB3CF8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

redtarget.gif
You're not saying what your computer issues are.

redtarget.gif
Uninstall following unwanted programs:

50CoUpOns
BitSaver
DigiiCuoUpOn
DNS Unlocker
DuownSAve
ExstraCOupoon
ExstraSavings
FindBeosttDeal
Fun22SAve
Happy2Saave
HtmmLCeHeccker
MiNimumPriice
RaNdomPiRice
ReeGularDeals
RioboSavaer
ShopDrrop
Super Optimizer
TheAdBlock
WasteNoTime

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Thank you for your assistance. Sorry I overlooked the symptoms ( which are lots of popup ads) when I ran into trouble posting the FRST log.

Below is the RougeKiller log.

RogueKiller V10.10.9.0 [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : blackie [Administrator]
Started from : C:\Users\blackie\Downloads\RogueKiller.exe
Mode : Delete -- Date : 10/06/2015 20:14:24

¤¤¤ Processes : 1 ¤¤¤
[Proc.RunPE] hasplms.exe(1660) -- C:\Windows\System32\hasplms.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 4 ¤¤¤
[PUP|VT.not-a-virus:RiskTool.Win32.OptimizerPro.e] (X64) HKEY_USERS\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Windows\CurrentVersion\Run | Super Optimizer : C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [7] -> Deleted
[PUP|VT.not-a-virus:RiskTool.Win32.OptimizerPro.e] (X86) HKEY_USERS\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Windows\CurrentVersion\Run | Super Optimizer : C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [7] -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 3 ¤¤¤
[PUP|VT.PUP.Optional.SuperOptimizer] %WINDIR%\Tasks\Superclean.job -- c:\programdata\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\hqghumeaylnlf.exe (--startup=1 --single) -> Deleted
[PUP|VT.not-a-virus:RiskTool.Win32.OptimizerPro.e] \Super Optimizer Schedule -- "C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe" -> Deleted
[PUP|VT.PUP.Optional.SuperOptimizer] \Superclean -- c:\programdata\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\hqghumeaylnlf.exe (--startup=1 --single) -> ERROR [0]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateNamedPipeW : Unknown @ 0xfb0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0xfb0010
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateNamedPipeW : Unknown @ 0x490010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0x490010

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST500LT012-9WS14 SCSI Disk Device +++++
--- User ---
[MBR] 92618190776c40422193c176c5fa6da7
[BSP] 1f09d7bcf96d39bcc416291b255a79fc : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15542 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31911936 | Size: 461357 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/6/2015
Scan Time: 8:24 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.06.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: blackie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360101
Time Elapsed: 20 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 29
PUP.Optional.MultiPlug.Uns, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [338baca76c1fb97d1c07cec8fb076799],
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Super Optimizer_is1, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [4579f85b2f5c01356f907f54eb191ae6],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [1ba34d066c1ff24419830488f70d669a],
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [c4fabd96ec9fc670d6708b45dd27db25],
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [dbe3252e8b007fb7f156389811f321df],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [7747292a2665201669333e4e64a09f61],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [7a44f2618a01f14521d388bb49baf50b],
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [f7c78ec5b1dacd69f151547c887c7090],
PUP.Optional.SuperOptimizer, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [af0fe56ed4b7b97d54ee0dc3f50f02fe],
PUP.Optional.SuperOptimizer, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [edd169eac1ca76c08bb78f411be9d32d],
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [07b779da4645a096a39f646ccf3538c8],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\CONDUIT\DistributionEngine, Quarantined, [407e2e25a2e9092d347693f9e1234ab6],
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\SUPER OPTIMIZER, Quarantined, [d0ee78dbe9a27eb8a89d19b752b2a45c],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Video Converter Bundle, Quarantined, [526c0251414a8fa720a7c07945be42be],

Registry Values: 9
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130515551179603127, Quarantined, [8d312b283e4d5ed80af41bb809fbb34d]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130515551179603127, Quarantined, [c2fc8cc7bbd0ec4adc22c50e7a8a07f9]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130515551179603127, Quarantined, [bd014013c3c8ac8a2cd2597ab2527c84]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130515551179603127, Quarantined, [ead4b3a096f5e650946a18bb6c98926e]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130515551179603127, Quarantined, [4579f85b2f5c01356f907f54eb191ae6]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [1ba34d066c1ff24419830488f70d669a]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [7747292a2665201669333e4e64a09f61]
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\SUPER OPTIMIZER|SetupName, c:\windows\temp\15862120154787903678\SuperOptimizer (1).exe, Quarantined, [d0ee78dbe9a27eb8a89d19b752b2a45c]
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, http://supc.superpctools.revenuewire.net/spu/register?221002333_FA862457-BBB1-4B5D-880B-6A80E2CEBC7E, Quarantined, [89355bf89bf0e84ecd77ad23e91b966a]

Registry Data: 4
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{17941E5A-442D-41F6-A63C-BF3EB16B5E33}|NameServer, 199.203.131.145,82.163.143.167, Good: (), Bad: (199.203.131.145,82.163.143.167),Replaced,[7945ff547516ab8b8d1e6c212fd6837d]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{437B70CD-ADAD-49FF-B824-F59269156CE8}|NameServer, 199.203.131.145,82.163.143.167, Good: (), Bad: (199.203.131.145,82.163.143.167),Replaced,[ab13d57e4c3ffc3a208bc5c8e223867a]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{53BD5BA6-6CBB-45D9-B383-1DB577A39A65}|NameServer, 199.203.131.145,82.163.143.167, Good: (), Bad: (199.203.131.145,82.163.143.167),Replaced,[ad11183bbecd61d52a817a138f767090]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F2882855-F1EC-4A59-A79E-329B4B78F7FC}|NameServer, 199.203.131.145,82.163.143.167, Good: (), Bad: (199.203.131.145,82.163.143.167),Replaced,[407ed47ff695a88e713ad4b91de83ec2]

Folders: 23
PUP.Optional.MultiPlug, C:\ProgramData\kbnacijigdpkccabodffhmahcbmddbmp, Quarantined, [fdc1e46f9af1c07679ce7218ee1644bc],
PUP.Optional.MultiPlug, C:\ProgramData\pagbdcclgilbimibjgeoblfnliknoofh, Quarantined, [fdc14c07bdce93a395b20c7e54b0936d],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.SuperOptimizer, C:\ProgramData\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}, Quarantined, [9d21d87b4645b68077c46a666b9905fb],
PUP.Optional.SuperOptimizer, C:\Users\blackie\Documents\Super Optimizer, Quarantined, [a915292a0c7f25113effa0306b99ee12],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
Rogue.Multiple, C:\ProgramData\2648787957, Quarantined, [625c70e3a8e3f73f74205ca150b2a060],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [55694d06177421152c9cc0536b9827d9],
PUP.Optional.AdsRemover, C:\ProgramData\Ads Remover, Quarantined, [0bb36ee5c3c8cd69496a6baaae5544bc],
PUP.Optional.GetTheDiscount, C:\ProgramData\GetTheDiscount, Quarantined, [bfff450e6526b87ed9fbac7b1ce722de],
PUP.Optional.Happy2Save, C:\ProgramData\Happy2Save, Quarantined, [9b2379da4942201689f0b96f5ba8e818],
PUP.Optional.MultiPlug, C:\ProgramData\DealExpress, Quarantined, [b50986cd602b3600d11d909f0bf843bd],
PUP.Optional.SaveLots, C:\ProgramData\SaveLots, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SuperOptimizer, C:\Users\blackie\AppData\Roaming\Super Optimizer, Quarantined, [714d1b38d2b92e08a49ec970f50ec739],
PUP.Optional.SuperOptimizer, C:\Users\blackie\AppData\Roaming\Super Optimizer\Backup, Quarantined, [714d1b38d2b92e08a49ec970f50ec739],
PUP.Optional.SuperOptimizer, C:\Users\blackie\AppData\Roaming\Super Optimizer\Log, Quarantined, [714d1b38d2b92e08a49ec970f50ec739],
PUP.Optional.SuperOptimizer, C:\Users\blackie\AppData\Roaming\Super Optimizer\Undo, Quarantined, [714d1b38d2b92e08a49ec970f50ec739],
PUP.Optional.SweetPacks, C:\Program Files (x86)\sweetpacks bundle uninstaller, Quarantined, [526c0251414a8fa720a7c07945be42be],
PUP.Optional.TheAdBlock, C:\ProgramData\TheAdBlock, Quarantined, [7f3f94bfd0bb67cf152488b21ee5ed13],
PUP.Optional.TPerfectCoupon, C:\ProgramData\tperfectcoupon, Quarantined, [ae10c88bd4b7af8704c6fc3e0102639d],
PUP.Optional.WorldWideCoupon, C:\ProgramData\WorldWideCoupon, Quarantined, [aa1456fde6a580b66f17a19c48bb49b7],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect, Quarantined, [8a345af9a1ead6609676d46c4fb4936d],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect\Logs, Quarantined, [8a345af9a1ead6609676d46c4fb4936d],

Files: 113
PUP.Optional.MultiPlug.Uns, C:\ProgramData\Ads Remover\Ads Remover.exe, Quarantined, [07b773e0c8c347ef2ff4dbbb13efb848],
PUP.Optional.MultiPlug.Uns, C:\ProgramData\TheAdBlock\TheAdBlock.exe, Quarantined, [338baca76c1fb97d1c07cec8fb076799],
PUP.Optional.SuperOptimizer, C:\ProgramData\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\hqghumeaylnlf.exe, Quarantined, [35891043315ae65041fbd5ee966b5fa1],
PUP.Optional.OptimizerPro, C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe, Quarantined, [bb03de75d4b7d5612aed2a6b976a0ef2],
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-2877198976-1275888466-3969009621-1001\$R1RWF8Z.exe, Quarantined, [6856c093d6b50e289aabe9d7a75a3bc5],
Trojan.FakeMS, C:\$Recycle.Bin\S-1-5-21-2877198976-1275888466-3969009621-1001\$R0GK59R\prompt.exe, Quarantined, [07b775de6b203bfb3bcc92a054ada55b],
PUP.Optional.SuperOptimizer, C:\Users\blackie\AppData\Local\Temp\supoptsetup.exe, Quarantined, [685660f35635e3539c9f7a4969989c64],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Windows\Temp\13576004968347624653\greent primary 010915.exe, Quarantined, [c7f7ea69a8e312242a6c85342ad78d73],
PUP.Optional.SuperOptimizer, C:\Windows\Temp\15862120154787903678\SuperOptimizer (1).exe, Quarantined, [1ca293c00c7f8fa7ed4f70532bd6817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Windows\Temp\17669045697872633197\setup.exe, Quarantined, [5767bb980e7df244488a4c082bd54ab6],
PUP.Optional.SmartSec, C:\Users\blackie\Downloads\Setup (1).exe, Quarantined, [b10d242ff19ad2646189162d43be728e],
PUP.Optional.SmartSec, C:\Users\blackie\Downloads\Setup (2).exe, Quarantined, [605e2231325990a6a347c1825ea33bc5],
PUP.Optional.SmartSec, C:\Users\blackie\Downloads\Setup (3).exe, Quarantined, [823ca4af4e3dca6c7773e75cf40d55ab],
PUP.Optional.SoftPulse, C:\Users\blackie\Downloads\Setup (4).exe, Quarantined, [b30b3e15bad177bf76bd2620ed14de22],
PUP.Optional.IBryte, C:\Users\blackie\Downloads\setup (5).exe, Quarantined, [6a5464ef85064cea5022b8b6d3329967],
PUP.Optional.Plugin, C:\Users\blackie\Downloads\Setup (6).exe, Quarantined, [417d93c05a31fd397d5488c1946dbc44],
PUP.Optional.AirAd, C:\Users\blackie\Downloads\setup (7).exe, Quarantined, [506e4310fa9175c1fc9e6bf1857bfe02],
PUP.Optional.InstallCore, C:\Users\blackie\Downloads\adobe_flash_setup.exe, Quarantined, [16a81a399bf09a9ccd7801bf0ff224dc],
PUP.Optional.SmartSec, C:\Users\blackie\Downloads\Setup.exe, Quarantined, [17a7ba99ff8cc670d911bc87758c0af6],
PUP.Optional.APNToolBar, C:\Users\blackie\AppData\Local\Downloaded Installations\{263E1DB9-E7C3-4F3E-AC28-9A519AD52AC8}\The Weather Channel App.msi, Quarantined, [8a34fa59cebd3cfab31915a78879837d],
PUP.Optional.MultiPlug, C:\ProgramData\kbnacijigdpkccabodffhmahcbmddbmp\lsdb.js, Quarantined, [fdc1e46f9af1c07679ce7218ee1644bc],
PUP.Optional.MultiPlug, C:\ProgramData\kbnacijigdpkccabodffhmahcbmddbmp\background.html, Quarantined, [fdc1e46f9af1c07679ce7218ee1644bc],
PUP.Optional.MultiPlug, C:\ProgramData\kbnacijigdpkccabodffhmahcbmddbmp\content.js, Quarantined, [fdc1e46f9af1c07679ce7218ee1644bc],
PUP.Optional.MultiPlug, C:\ProgramData\kbnacijigdpkccabodffhmahcbmddbmp\manifest.json, Quarantined, [fdc1e46f9af1c07679ce7218ee1644bc],
PUP.Optional.MultiPlug, C:\ProgramData\kbnacijigdpkccabodffhmahcbmddbmp\RgfBnBbJ.js, Quarantined, [fdc1e46f9af1c07679ce7218ee1644bc],
PUP.Optional.MultiPlug, C:\ProgramData\pagbdcclgilbimibjgeoblfnliknoofh\lsdb.js, Quarantined, [fdc14c07bdce93a395b20c7e54b0936d],
PUP.Optional.MultiPlug, C:\ProgramData\pagbdcclgilbimibjgeoblfnliknoofh\background.html, Quarantined, [fdc14c07bdce93a395b20c7e54b0936d],
PUP.Optional.MultiPlug, C:\ProgramData\pagbdcclgilbimibjgeoblfnliknoofh\content.js, Quarantined, [fdc14c07bdce93a395b20c7e54b0936d],
PUP.Optional.MultiPlug, C:\ProgramData\pagbdcclgilbimibjgeoblfnliknoofh\L.js, Quarantined, [fdc14c07bdce93a395b20c7e54b0936d],
PUP.Optional.MultiPlug, C:\ProgramData\pagbdcclgilbimibjgeoblfnliknoofh\manifest.json, Quarantined, [fdc14c07bdce93a395b20c7e54b0936d],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\{23B82977-C816-92D2-66E7-BE67DD1E7786}.20141205085819, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\022d628acd5fb8adfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\04fbea7a3702443ffde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\0f29801820a37114fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\0f839359446eec4cfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\15a1758beb4d95dafde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\1878c1afe37a6843fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\198cdfe22d13c1abfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\242c2fd4536773fafde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\29165e80c439e829fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\87cf71cee26cefc0fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\88ca0666a8bc42bcfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\8c84dcdc46445dd6fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\949eb5250aa63df0fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\a220577b68ed26b8fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\a4972f3d267d7857fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\a85eb6873b0ec4b0fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\b895ebcf88104095fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\bd95dd966694472dfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\c012be0f86ee25a5fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\c639ec01ae8d99a9fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\c6fe71eb0df19321fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\2a0b23fa8d6e74d4fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\3ed03cfb56800283fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\465f8e59c1c2d774fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\48b7d16c1455ab25fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\4ab07dd0adbafc36fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\5175a0130ed5b449fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\5563f418483f3111fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\60b6132765a7b0abfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\659310361e8c6f3cfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\73a5cd548c868dbdfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\77baa58cc372e9c1fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\8452e691c1478e9afde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\850d60d95de2be47fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\c90970dadaa8483bfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\dbb0ec2054032d9cfde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\e7a261f5c12d8405fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\e96bb298c31360bafde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\f25188b18c6e58f4fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\f392fc60cfeefae4fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\f6f6eb7fa6ec9857fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\fffe902d234ddce8fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}.20141204085740, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.MultiPlug, C:\ProgramData\1d1bba85e1313c17\8667b30c8487a893fde1941b3d1efc64.ini, Quarantined, [18a6c68d612ace681d3bf9c4d034eb15],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, Quarantined, [724ce76c94f72214b4d66960c440cf31],
PUP.Optional.SuperOptimizer, C:\ProgramData\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\hqghumeaylnlf.dat, Quarantined, [9d21d87b4645b68077c46a666b9905fb],
PUP.Optional.SuperOptimizer, C:\ProgramData\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\18e70a12dac431b2, Quarantined, [9d21d87b4645b68077c46a666b9905fb],
PUP.Optional.SuperOptimizer, C:\ProgramData\{f26ecf4b-af98-e2ae-f26e-ecf4baf93d2e}\2f47dceb23b43ae2, Quarantined, [9d21d87b4645b68077c46a666b9905fb],
PUP.Optional.SuperOptimizer, C:\Users\blackie\Documents\Super Optimizer\CookiesException.txt, Quarantined, [a915292a0c7f25113effa0306b99ee12],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.msg, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_en.bmp, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_es.bmp, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_fr.bmp, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_it.bmp, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\cancel.bmp, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\CookiesException.txt, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\English.ini, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\file_id.diz, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\HomePage.url, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\idp.dll, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\itdownload.dll, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\QuickCheckout.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\scan.gif, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\sqlite3.dll, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\StartupList.txt, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SuperOptimizer.chm, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptGuard.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptReminder.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptSchedule.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptStart.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptUninstaller.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.dat, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.exe, Quarantined, [be00074c6d1e221451ed319f7e8617e9],
PUP.Optional.Happy2Save, C:\ProgramData\Happy2Save\XpTaqzaV7wQqgb.dat, Quarantined, [9b2379da4942201689f0b96f5ba8e818],
PUP.Optional.Happy2Save, C:\ProgramData\Happy2Save\XpTaqzaV7wQqgb.tlb, Quarantined, [9b2379da4942201689f0b96f5ba8e818],
PUP.Optional.MultiPlug, C:\ProgramData\DealExpress\FIgk1auoOSpSrt.dat, Quarantined, [b50986cd602b3600d11d909f0bf843bd],
PUP.Optional.MultiPlug, C:\ProgramData\DealExpress\FIgk1auoOSpSrt.tlb, Quarantined, [b50986cd602b3600d11d909f0bf843bd],
PUP.Optional.SaveLots, C:\ProgramData\SaveLots\QNz8adQkknMd2A.dat, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SaveLots, C:\ProgramData\SaveLots\QNz8adQkknMd2A.tlb, Quarantined, [4678fd56a4e7aa8c75576fc5c63d23dd],
PUP.Optional.SweetPacks, C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe, Quarantined, [526c0251414a8fa720a7c07945be42be],

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.010 - Logfile created 06/10/2015 at 21:34:41
# Updated 04/10/2015 by Xplode
# Database : 2015-10-05.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : blackie - BLACKIE-PC
# Running from : C:\Users\blackie\Downloads\adwcleaner_5.010.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\ExstraSavings
[-] Folder Deleted : C:\ProgramData\The AdBlocker
[-] Folder Deleted : C:\ProgramData\2097475135642614807UL

***** [ Files ] *****

[-] File Deleted : C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
[-] File Deleted : C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{803C743C-7D37-4334-8BB0-B7716237AED6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{94D4476C-892A-4FF2-AE91-1A5FB2D2F126}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FED6A736-129B-49C7-857E-25FC91E87DB3}]
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\IM
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\Video Converter
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\IM

***** [ Web browsers ] *****

[-] [C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchy.easylifeapp.com/
[-] [C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl
[-] [C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPEC1B809F-CE26-4AC6-BC35-9F716494E205&SSPV=

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3830 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by blackie on Tue 10/06/2015 at 21:49:28.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask-Retry



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_48A58E948FBE881A0A956C71AD0A097C



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1A41D1EA-6290-49B1-AB31-401D228E2F4F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{82F96EAC-0AEB-4C38-BB02-559085E5760D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E9F0A92A-9A7C-42B3-8103-B6144473DA1E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A41D1EA-6290-49B1-AB31-401D228E2F4F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82F96EAC-0AEB-4C38-BB02-559085E5760D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1A41D1EA-6290-49B1-AB31-401D228E2F4F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{82F96EAC-0AEB-4C38-BB02-559085E5760D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE}



~~~ Files

Successfully deleted: [File] C:\Users\blackie\AppData\Roaming\appdataFr2.bin
Successfully deleted: [File] C:\Users\blackie\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\blackie\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\blackie\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_dkadjnjjgcjdhpcjhoplojnicjgeajah_0.localstorage
Successfully deleted: [File] C:\Users\blackie\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_dkadjnjjgcjdhpcjhoplojnicjgeajah_0.localstorage-journal



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\BitSaver
Successfully deleted: [Folder] C:\ProgramData\ckblfhcbhiaklnojflmbhnnipjdogjmg
Successfully deleted: [Folder] C:\ProgramData\FFlasihCoupon
Successfully deleted: [Folder] C:\ProgramData\FindBeosttDeal
Successfully deleted: [Folder] C:\ProgramData\Fuunu2Save
Successfully deleted: [Folder] C:\ProgramData\gnndakognfbfbaanooocbnjkfbfkgiff
Successfully deleted: [Folder] C:\ProgramData\KiingCaoupon
Successfully deleted: [Folder] C:\ProgramData\peigbjnlgpaalgplkgoolglmdpbjnmim
Successfully deleted: [Folder] C:\ProgramData\QuEennCoupoN
Successfully deleted: [Folder] C:\ProgramData\saferweb
Successfully deleted: [Folder] C:\ProgramData\toopdeal



~~~ Chrome


[C:\Users\blackie\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\blackie\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\blackie\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\blackie\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
dkadjnjjgcjdhpcjhoplojnicjgeajah
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/06/2015 at 21:54:59.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Do you have any related icon in systray (next to the clock)?
I believe it's powered by McAfee so it may be McAfee icon.
 
ComboFix 15-10-06.01 - blackie 10/07/2015 20:48:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3971.1529 [GMT -4:00]
Running from: c:\users\blackie\Desktop\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\videoplugin
c:\program files (x86)\videoplugin\VideoPlugin.dat
c:\programdata\PCDr\6664\AddOnDownloaded\1770287d-f115-443b-9fb7-268be5a136fc.dll
c:\programdata\PCDr\6664\AddOnDownloaded\3087e0df-b321-44c3-b144-fb94c30c8383.dll
c:\programdata\PCDr\6664\AddOnDownloaded\5bbfdaf0-4ed3-451e-8ae5-d6568a621a17.dll
c:\programdata\PCDr\6664\AddOnDownloaded\72db11e1-d2b2-4f9f-828a-5a68b9e7709f.dll
c:\programdata\PCDr\6664\AddOnDownloaded\8c64e2ef-3080-4951-8358-e991c1695e4a.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9cc8e4b9-2989-4941-94e1-8c5358218ffb.dll
c:\programdata\PCDr\6664\AddOnDownloaded\c238c886-2790-4da6-895b-00c9110314ec.dll
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adfbpongjnbjgbnjlahkoekcfnfjnnfa
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adfbpongjnbjgbnjlahkoekcfnfjnnfa\142\background.html
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adfbpongjnbjgbnjlahkoekcfnfjnnfa\142\manifest.json
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda\LOG.old
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiockdklnaeikkippjiofcioidjdfjda\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnljhlnhiacebhcoojehlldmjolpbeec
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnljhlnhiacebhcoojehlldmjolpbeec\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnljhlnhiacebhcoojehlldmjolpbeec\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnljhlnhiacebhcoojehlldmjolpbeec\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnljhlnhiacebhcoojehlldmjolpbeec\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnljhlnhiacebhcoojehlldmjolpbeec\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfpiojgfcpgmmngegabpkhdehkdoafgf
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfpiojgfcpgmmngegabpkhdehkdoafgf\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfpiojgfcpgmmngegabpkhdehkdoafgf\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfpiojgfcpgmmngegabpkhdehkdoafgf\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfpiojgfcpgmmngegabpkhdehkdoafgf\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfpiojgfcpgmmngegabpkhdehkdoafgf\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\geklbcigmpeljogplgbgnakkbajkkmbb
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\geklbcigmpeljogplgbgnakkbajkkmbb\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\geklbcigmpeljogplgbgnakkbajkkmbb\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\geklbcigmpeljogplgbgnakkbajkkmbb\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\geklbcigmpeljogplgbgnakkbajkkmbb\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\geklbcigmpeljogplgbgnakkbajkkmbb\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gldjckfcakggohoblbfgmnjihakcijia
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gldjckfcakggohoblbfgmnjihakcijia\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gldjckfcakggohoblbfgmnjihakcijia\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gldjckfcakggohoblbfgmnjihakcijia\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gldjckfcakggohoblbfgmnjihakcijia\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gldjckfcakggohoblbfgmnjihakcijia\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\higemadklcnjhjpgcbnnbpgeeippjjcp
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\higemadklcnjhjpgcbnnbpgeeippjjcp\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\higemadklcnjhjpgcbnnbpgeeippjjcp\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\higemadklcnjhjpgcbnnbpgeeippjjcp\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\higemadklcnjhjpgcbnnbpgeeippjjcp\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\higemadklcnjhjpgcbnnbpgeeippjjcp\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkagohhgodpbgcddadcmnidnphajkmhm
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkagohhgodpbgcddadcmnidnphajkmhm\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkagohhgodpbgcddadcmnidnphajkmhm\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkagohhgodpbgcddadcmnidnphajkmhm\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkagohhgodpbgcddadcmnidnphajkmhm\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkagohhgodpbgcddadcmnidnphajkmhm\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naaigfdnmbjjkdbpdbelpaaopjblfkbl
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naaigfdnmbjjkdbpdbelpaaopjblfkbl\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naaigfdnmbjjkdbpdbelpaaopjblfkbl\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naaigfdnmbjjkdbpdbelpaaopjblfkbl\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naaigfdnmbjjkdbpdbelpaaopjblfkbl\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naaigfdnmbjjkdbpdbelpaaopjblfkbl\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmbfljkmcghmakofbhhgemjhboabdkcn
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmbfljkmcghmakofbhhgemjhboabdkcn\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmbfljkmcghmakofbhhgemjhboabdkcn\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmbfljkmcghmakofbhhgemjhboabdkcn\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmbfljkmcghmakofbhhgemjhboabdkcn\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmbfljkmcghmakofbhhgemjhboabdkcn\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npmhlidlacoobmdcgkfcdpjkdinjadpp
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npmhlidlacoobmdcgkfcdpjkdinjadpp\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npmhlidlacoobmdcgkfcdpjkdinjadpp\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npmhlidlacoobmdcgkfcdpjkdinjadpp\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npmhlidlacoobmdcgkfcdpjkdinjadpp\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npmhlidlacoobmdcgkfcdpjkdinjadpp\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okoimcnealmbfnikpfoiddcofdpoamch
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okoimcnealmbfnikpfoiddcofdpoamch\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okoimcnealmbfnikpfoiddcofdpoamch\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okoimcnealmbfnikpfoiddcofdpoamch\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okoimcnealmbfnikpfoiddcofdpoamch\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okoimcnealmbfnikpfoiddcofdpoamch\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pakhjhphleppgakhlffhlfhbekfnobbk
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pakhjhphleppgakhlffhlfhbekfnobbk\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pakhjhphleppgakhlffhlfhbekfnobbk\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pakhjhphleppgakhlffhlfhbekfnobbk\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pakhjhphleppgakhlffhlfhbekfnobbk\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pakhjhphleppgakhlffhlfhbekfnobbk\MANIFEST-000002
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmblmlebfhgmggndnfipebabpklgnnae
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmblmlebfhgmggndnfipebabpklgnnae\000003.log
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmblmlebfhgmggndnfipebabpklgnnae\CURRENT
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmblmlebfhgmggndnfipebabpklgnnae\LOCK
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmblmlebfhgmggndnfipebabpklgnnae\LOG
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmblmlebfhgmggndnfipebabpklgnnae\MANIFEST-000001
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adfbpongjnbjgbnjlahkoekcfnfjnnfa_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adfbpongjnbjgbnjlahkoekcfnfjnnfa_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiockdklnaeikkippjiofcioidjdfjda_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiockdklnaeikkippjiofcioidjdfjda_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcmfcmnnfajkaodbiimljgjngkdcomkd_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcmfcmnnfajkaodbiimljgjngkdcomkd_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdejgojmfhngmomodldpdppfbhoajadl_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdejgojmfhngmomodldpdppfbhoajadl_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bfchgcbmheebfgccmphpabmjmiphgafa_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bfchgcbmheebfgccmphpabmjmiphgafa_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bibclkcoilbnbnppanidhimphmfbjaab_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bibclkcoilbnbnppanidhimphmfbjaab_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnljhlnhiacebhcoojehlldmjolpbeec_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnljhlnhiacebhcoojehlldmjolpbeec_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpimjanmknifnoiajikmhmhmlihdccbd_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpimjanmknifnoiajikmhmhmlihdccbd_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddiblodcpaaieoopolanaoecbhicgjfo_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddiblodcpaaieoopolanaoecbhicgjfo_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfpiojgfcpgmmngegabpkhdehkdoafgf_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfpiojgfcpgmmngegabpkhdehkdoafgf_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enebomhlllfaccbelnjhfgblnalofhch_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enebomhlllfaccbelnjhfgblnalofhch_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmgncofpadimjlpmndcpcfiilplihmop_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmgncofpadimjlpmndcpcfiilplihmop_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fpkknkljclfencbdbgkenhalefipecmb_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fpkknkljclfencbdbgkenhalefipecmb_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_geklbcigmpeljogplgbgnakkbajkkmbb_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_geklbcigmpeljogplgbgnakkbajkkmbb_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ginepjojjbmfbfiibfdebddmbkjmgfle_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ginepjojjbmfbfiibfdebddmbkjmgfle_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gldjckfcakggohoblbfgmnjihakcijia_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gldjckfcakggohoblbfgmnjihakcijia_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_glieaboaghdnlglpkekghloldikefofo_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_glieaboaghdnlglpkekghloldikefofo_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcngmcbfhnbadikopieafpodfcfigech_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcngmcbfhnbadikopieafpodfcfigech_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgnpdbanhfmmdgeogllhocdajiphlkgi_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgnpdbanhfmmdgeogllhocdajiphlkgi_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_higemadklcnjhjpgcbnnbpgeeippjjcp_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_higemadklcnjhjpgcbnnbpgeeippjjcp_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iongpbleobggjpbababalgpaabhhggaf_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iongpbleobggjpbababalgpaabhhggaf_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipikiaejjblmdopojhpejjmbedhlibno_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipikiaejjblmdopojhpejjmbedhlibno_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpgagcapnkccceppgljfpoadahaopjdb_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpgagcapnkccceppgljfpoadahaopjdb_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kkagohhgodpbgcddadcmnidnphajkmhm_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kkagohhgodpbgcddadcmnidnphajkmhm_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kojmpclcoimgfdbmjgfacfeljhhgcmbm_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kojmpclcoimgfdbmjgfacfeljhhgcmbm_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lepncnolflpphikjokokpbbmcombdffk_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lepncnolflpphikjokokpbbmcombdffk_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkmaimcdgeidlpffbmgnpnfcjjjppmab_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkmaimcdgeidlpffbmgnpnfcjjjppmab_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mimficccjmogheahaobepphobhpikpie_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mimficccjmogheahaobepphobhpikpie_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mnpbfmbldigngiccdgkbikaeifoljngg_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mnpbfmbldigngiccdgkbikaeifoljngg_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_naaigfdnmbjjkdbpdbelpaaopjblfkbl_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_naaigfdnmbjjkdbpdbelpaaopjblfkbl_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfddgbpdnaeliohhkbdbcmenpnkepkgn_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfddgbpdnaeliohhkbdbcmenpnkepkgn_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nmbfljkmcghmakofbhhgemjhboabdkcn_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nmbfljkmcghmakofbhhgemjhboabdkcn_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_npmhlidlacoobmdcgkfcdpjkdinjadpp_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_npmhlidlacoobmdcgkfcdpjkdinjadpp_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oienjamfkkgodanlopcoccgeciiabpbf_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oienjamfkkgodanlopcoccgeciiabpbf_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_okoimcnealmbfnikpfoiddcofdpoamch_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_okoimcnealmbfnikpfoiddcofdpoamch_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pakhjhphleppgakhlffhlfhbekfnobbk_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pakhjhphleppgakhlffhlfhbekfnobbk_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmblmlebfhgmggndnfipebabpklgnnae_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmblmlebfhgmggndnfipebabpklgnnae_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pnnjhcapkfbnhlnapejhapnciojnmlmn_0.localstorage-journal
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pnnjhcapkfbnhlnapejhapnciojnmlmn_0.localstorage
c:\users\blackie\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\blackie\Documents\~WRL1786.tmp
c:\users\blackie\Documents\~WRL2567.tmp
c:\users\blackie\Documents\~WRL2912.tmp
c:\users\blackie\Documents\~WRL3981.tmp
c:\users\blackie\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_UniversalCommunicationServer
.
.
((((((((((((((((((((((((( Files Created from 2015-09-08 to 2015-10-08 )))))))))))))))))))))))))))))))
.
.
2015-10-08 00:58 . 2015-10-08 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-07 01:13 . 2015-10-07 01:34 -------- d-----w- C:\AdwCleaner
2015-10-07 00:22 . 2015-10-07 00:54 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-07 00:22 . 2015-10-07 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-07 00:22 . 2015-06-18 12:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-07 00:22 . 2015-06-18 12:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-07 00:22 . 2015-06-18 12:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-06 23:42 . 2015-10-06 23:48 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-06 23:42 . 2015-10-07 00:30 -------- d-----w- c:\programdata\RogueKiller
2015-10-06 23:25 . 2015-10-06 23:25 -------- d-----w- c:\windows\system32\Archive
2015-10-04 18:33 . 2015-10-04 18:40 -------- d-----w- C:\FRST
2015-09-11 23:06 . 2015-09-11 23:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-09 20:40 . 2015-08-26 18:07 3165696 ----a-w- c:\windows\system32\wucltux.dll
2015-09-09 16:12 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-26 22:37 . 2013-06-07 20:49 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-07-30 18:06 . 2015-08-13 15:20 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-13 15:20 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-13 15:20 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-13 15:20 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-13 15:20 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-14 07:18 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-14 07:18 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-13 15:22 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-13 15:22 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-13 15:22 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-13 15:22 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-13 15:22 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-13 15:22 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-13 15:22 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-13 15:22 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-22 17:53 . 2015-09-09 16:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-15 18:15 . 2015-08-13 15:22 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-13 15:22 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-13 15:22 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-13 15:21 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-07-10 17:51 . 2015-08-13 15:21 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-10 17:51 . 2015-08-13 15:19 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-07-10 17:51 . 2015-08-13 15:21 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-07-10 17:51 . 2015-08-13 15:21 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-07-10 17:34 . 2015-08-13 15:21 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-10 17:34 . 2015-08-13 15:21 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-10 17:33 . 2015-08-13 15:21 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-09-17 14:17 . 2014-09-17 14:17 32371688 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-08 53737488]
"GoogleChromeAutoLaunch_48A58E948FBE881A0A956C71AD0A097C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-09-24 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"Vault Explorer Cache Watcher"="c:\program files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe" [2013-06-01 17408]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-3-5 1389856]
Install SafeKey IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-9-17 32371688]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-12 124088]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-05-22 201936]
S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe [2015-08-27 237272]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-05-19 1436192]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-22 368048]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2014-08-13 363128]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-09-18 14624]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2015-09-22 157928]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2015-08-21 782608]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [2015-07-23 1694152]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-22 368048]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-22 368048]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-22 368048]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [2015-07-06 373704]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-11-23 201872]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-06-11 20648]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2015-06-29 232656]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [x]
S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-09-22 37960]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-04 17:13 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04 17:12]
.
2015-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04 17:12]
.
2015-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core.job
- c:\users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 00:52]
.
2015-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA.job
- c:\users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 00:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-16 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-16 441888]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-11-12 7520768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TWC.Win7 - c:\program files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{0170af4d-cefd-4bfb-8680-9fa0f3775dd3} - c:\program files (x86)\EnojoyCouppoin\9PQdFU2bLxsjUE.x64.dll
BHO-{1A41D1EA-6290-49B1-AB31-401D228E2F4F} - c:\program files (x86)\EnjOOyCoupon\BEEIHt3LCZpQgG.x64.dll
BHO-{82F96EAC-0AEB-4C38-BB02-559085E5760D} - c:\program files (x86)\50CoUpOns\v9aHGptg83lZ21.x64.dll
BHO-{EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE} - c:\program files (x86)\ExstraCOupoon\bsGpVOKllDXMVE.x64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Dell Update\DellUpTray.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-10-07 21:07:29 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-08 01:07
.
Pre-Run: 383,142,170,624 bytes free
Post-Run: 382,203,777,024 bytes free
.
- - End Of File - - EC92F0943FFA6CEC14B00D498BB3EB3A
5C616939100B85E558DA92B899A0FC36
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by blackie (administrator) on BLACKIE-PC (09-10-2015 05:11:28)
Running from C:\Users\blackie\Downloads
Loaded Profiles: blackie (Available Profiles: blackie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-11-12] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe [17408 2013-06-01] (DigiData Corp.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\Run: [GoogleChromeAutoLaunch_48A58E948FBE881A0A956C71AD0A097C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-09-17]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-06-09]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17941E5A-442D-41F6-A63C-BF3EB16B5E33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{53BD5BA6-6CBB-45D9-B383-1DB577A39A65}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> DefaultScope {E9F0A92A-9A7C-42B3-8103-B6144473DA1E} URL =
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> {13F2BE50-5EC5-4187-95CD-A2F95AD7ED03} URL =
BHO: EnojoyCouppoin -> {0170af4d-cefd-4bfb-8680-9fa0f3775dd3} -> C:\Program Files (x86)\EnojoyCouppoin\9PQdFU2bLxsjUE.x64.dll No File
BHO: EnjOOyCoupon -> {1A41D1EA-6290-49B1-AB31-401D228E2F4F} -> C:\Program Files (x86)\EnjOOyCoupon\BEEIHt3LCZpQgG.x64.dll No File
BHO: 50CoUpOns -> {82F96EAC-0AEB-4C38-BB02-559085E5760D} -> C:\Program Files (x86)\50CoUpOns\v9aHGptg83lZ21.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: ExstraCOupoon -> {EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE} -> C:\Program Files (x86)\ExstraCOupoon\bsGpVOKllDXMVE.x64.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @citrixonline.com/appdetectorplugin -> C:\Users\blackie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @talk.google.com/O1DPlugin -> C:\Users\blackie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @tools.google.com/Google Update;version=3 -> C:\Users\blackie\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2877198976-1275888466-3969009621-1001: @tools.google.com/Google Update;version=9 -> C:\Users\blackie\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\blackie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\blackie\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPEC1B809F-CE26-4AC6-BC35-9F716494E205&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://searchy.easylifeapp.com/"
CHR Profile: C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-08]
CHR Extension: (Google Docs) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-08]
CHR Extension: (Google Drive) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-08]
CHR Extension: (YouTube) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-08]
CHR Extension: (Google Sheets) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-08]
CHR Extension: (SiteAdvisor) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-13]
CHR Extension: (Gmail) - C:\Users\blackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-24]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-07-15] (SafeNet Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-11-12] (Dell Inc.) [File not signed]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-03-15] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-06] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-07-15] (SafeNet Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-06-17] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Part 2:



==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 05:10 - 2015-10-09 05:10 - 00000000 ____D C:\Users\blackie\Downloads\FRST-OlderVersion
2015-10-08 11:12 - 2015-10-08 11:12 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-10-07 21:07 - 2015-10-07 21:07 - 00041498 _____ C:\ComboFix.txt
2015-10-07 20:46 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-07 20:46 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-07 20:46 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-07 20:46 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-07 20:46 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-07 20:46 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-07 20:46 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-07 20:46 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-07 20:45 - 2015-10-07 21:07 - 00000000 ____D C:\Qoobox
2015-10-07 20:44 - 2015-10-07 21:04 - 00000000 ____D C:\Windows\erdnt
2015-10-07 20:42 - 2015-10-07 20:42 - 05635766 ____R (Swearware) C:\Users\blackie\Desktop\ComboFix.exe
2015-10-06 21:54 - 2015-10-06 21:54 - 00004426 _____ C:\Users\blackie\Desktop\JRT.txt
2015-10-06 21:44 - 2015-10-06 21:44 - 01801288 _____ (Malwarebytes) C:\Users\blackie\Downloads\JRT.exe
2015-10-06 21:13 - 2015-10-06 21:34 - 00000000 ____D C:\AdwCleaner
2015-10-06 21:03 - 2015-10-06 21:03 - 01681920 _____ C:\Users\blackie\Downloads\adwcleaner_5.010.exe
2015-10-06 20:22 - 2015-10-06 20:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-06 20:22 - 2015-10-06 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-06 20:22 - 2015-10-06 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-06 20:22 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-06 20:22 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-06 20:22 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-06 20:19 - 2015-10-06 20:20 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\blackie\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-06 20:16 - 2015-10-06 20:16 - 00006322 _____ C:\Users\blackie\Desktop\roguekiller_report.txt
2015-10-06 19:42 - 2015-10-06 20:30 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-06 19:42 - 2015-10-06 19:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-06 19:41 - 2015-10-06 19:42 - 18823752 _____ C:\Users\blackie\Downloads\RogueKiller.exe
2015-10-06 19:25 - 2015-10-06 19:25 - 00000000 ____D C:\Windows\system32\Archive
2015-10-04 14:35 - 2015-10-04 14:40 - 00033571 _____ C:\Users\blackie\Downloads\Addition.txt
2015-10-04 14:34 - 2015-10-09 05:12 - 00023834 _____ C:\Users\blackie\Downloads\FRST.txt
2015-10-04 14:33 - 2015-10-09 05:11 - 00000000 ____D C:\FRST
2015-10-04 14:33 - 2015-10-09 05:10 - 02194944 _____ (Farbar) C:\Users\blackie\Downloads\FRST64.exe
2015-10-04 13:13 - 2015-10-04 13:13 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-04 13:13 - 2015-10-04 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-04 13:12 - 2015-10-09 04:17 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 13:12 - 2015-10-08 13:17 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-04 13:12 - 2015-10-04 13:12 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-04 13:12 - 2015-10-04 13:12 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-29 14:21 - 2015-09-29 14:21 - 06122021 _____ C:\Users\blackie\Downloads\SquareMonogram.zip
2015-09-29 14:21 - 2015-09-29 14:21 - 04100944 _____ C:\Users\blackie\Downloads\fancymononew.zip
2015-09-23 09:20 - 2015-09-23 09:20 - 00002361 _____ C:\Users\blackie\Uninstall-VzInHomeAgentlog.log
2015-09-23 09:17 - 2015-09-23 09:17 - 00042330 _____ C:\RPSetup.exe.log
2015-09-15 11:25 - 2015-09-15 11:25 - 00000000 ____D C:\Users\blackie\Downloads\PUMPKIN_5X7 (2)
2015-09-15 11:24 - 2015-09-15 11:24 - 00305131 _____ C:\Users\blackie\Downloads\PUMPKIN_5X7 (2).zip
2015-09-15 11:21 - 2015-09-15 11:21 - 00305131 _____ C:\Users\blackie\Downloads\PUMPKIN_5X7 (1).zip
2015-09-13 19:44 - 2015-09-13 19:44 - 00000000 ____D C:\Users\blackie\Downloads\Archive
2015-09-13 19:42 - 2015-09-13 19:42 - 00108803 _____ C:\Users\blackie\Downloads\Archive.zip
2015-09-13 19:24 - 2015-09-13 19:24 - 00000000 ____D C:\Users\blackie\Downloads\sslongenecker_3933111_Page1
2015-09-13 19:24 - 2015-09-13 19:24 - 00000000 ____D C:\Users\blackie\Downloads\Olaf
2015-09-13 19:22 - 2015-09-13 19:22 - 04480319 _____ C:\Users\blackie\Downloads\Olaf.zip
2015-09-13 19:22 - 2015-09-13 19:22 - 00026190 _____ C:\Users\blackie\Downloads\sslongenecker_3933111_Page1.zip
2015-09-11 19:06 - 2015-09-11 19:06 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-11 19:06 - 2015-09-11 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 16:42 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 16:42 - 2015-08-15 02:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 16:42 - 2015-08-15 02:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 16:42 - 2015-08-15 02:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 16:42 - 2015-08-15 01:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 16:42 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 16:42 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 16:42 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 16:42 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 16:42 - 2015-08-15 01:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 16:42 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 16:42 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 16:42 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 16:42 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 16:42 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 16:42 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 16:42 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 16:42 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 16:42 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 16:41 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 16:41 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 16:41 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 16:41 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 16:41 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 16:41 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 16:41 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 16:41 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 16:41 - 2015-08-17 21:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 16:41 - 2015-08-15 02:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 16:41 - 2015-08-15 02:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 16:41 - 2015-08-15 02:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 16:41 - 2015-08-15 02:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 16:41 - 2015-08-15 02:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 16:41 - 2015-08-15 02:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 16:41 - 2015-08-15 02:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 16:41 - 2015-08-15 02:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 16:41 - 2015-08-15 02:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 16:41 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 16:41 - 2015-08-15 02:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 16:41 - 2015-08-15 02:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 16:41 - 2015-08-15 02:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 16:41 - 2015-08-15 02:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 16:41 - 2015-08-15 02:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 16:41 - 2015-08-15 01:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 16:41 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 16:41 - 2015-08-15 01:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 16:41 - 2015-08-15 01:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 16:41 - 2015-08-15 01:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 16:41 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 16:41 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 16:41 - 2015-08-15 01:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 16:41 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 16:41 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 16:41 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 16:41 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 16:41 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 16:41 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 16:41 - 2015-08-15 01:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 16:41 - 2015-08-15 01:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 16:41 - 2015-08-15 01:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 16:41 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 16:41 - 2015-08-15 01:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 16:41 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 16:41 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 16:41 - 2015-08-15 01:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 16:41 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 16:41 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 16:41 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 16:41 - 2015-08-15 00:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 16:41 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 16:41 - 2015-08-15 00:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 16:41 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 16:41 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 16:41 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 16:41 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 16:41 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 16:41 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 16:41 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 16:41 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 16:41 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 16:41 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 16:40 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 16:40 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 16:40 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 16:40 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 16:40 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 16:40 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 16:40 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 16:40 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 12:12 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 12:12 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 12:12 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 12:12 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 12:12 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 12:12 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 12:12 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 12:12 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 12:12 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 12:12 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 12:12 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 12:12 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 12:12 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 12:12 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 12:12 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 12:12 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 12:12 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 12:12 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 12:12 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 12:12 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 12:12 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 12:12 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 12:12 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 12:12 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 12:12 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 12:12 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 12:12 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 12:12 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 12:12 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 12:12 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 12:12 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 12:12 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 12:12 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 12:12 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 12:12 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 12:12 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 12:12 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 12:12 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 12:12 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 12:12 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 12:12 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 12:12 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 12:12 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 12:12 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 12:12 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 12:12 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 12:12 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 04:58 - 2013-06-07 18:40 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA.job
2015-10-09 03:07 - 2013-05-29 09:20 - 01436563 _____ C:\Windows\WindowsUpdate.log
2015-10-09 03:05 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 03:05 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 03:00 - 2015-04-07 19:57 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-09 03:00 - 2015-04-07 19:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 20:58 - 2013-06-07 18:40 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core.job
2015-10-08 11:14 - 2013-06-08 11:08 - 00000000 ____D C:\Users\blackie\AppData\Roaming\PCDr
2015-10-07 21:07 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-10-07 21:01 - 2014-09-15 21:52 - 00000000 __RSD C:\Users\blackie\Documents\McAfee Vaults
2015-10-07 21:01 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-10-07 20:59 - 2010-11-20 23:47 - 01307710 _____ C:\Windows\PFRO.log
2015-10-07 20:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-07 20:59 - 2009-07-14 00:51 - 00056910 _____ C:\Windows\setupact.log
2015-10-07 20:59 - 2009-07-13 22:34 - 81002496 _____ C:\Windows\system32\config\software.bak
2015-10-07 20:59 - 2009-07-13 22:34 - 43515904 _____ C:\Windows\system32\config\components.bak
2015-10-07 20:59 - 2009-07-13 22:34 - 28049408 _____ C:\Windows\system32\config\system.bak
2015-10-07 20:59 - 2009-07-13 22:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-10-07 20:59 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-10-07 20:59 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-10-07 20:57 - 2013-06-07 14:50 - 00000000 ____D C:\Users\blackie
2015-10-06 21:44 - 2013-08-06 18:51 - 00000000 ____D C:\Users\blackie\AppData\Roaming\Skype
2015-10-06 21:00 - 2014-01-25 10:00 - 00000000 ____D C:\Users\blackie\AppData\Roaming\Mozilla
2015-10-06 20:53 - 2013-06-07 18:40 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA
2015-10-06 20:53 - 2013-06-07 18:40 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core
2015-10-04 13:13 - 2013-06-08 06:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-04 13:12 - 2013-06-07 18:40 - 00000000 ____D C:\Users\blackie\AppData\Local\Deployment
2015-10-04 12:46 - 2011-02-10 12:10 - 00808800 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-04 12:46 - 2009-07-14 01:13 - 00808800 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-04 10:09 - 2013-07-29 21:29 - 00000000 ____D C:\Users\blackie\AppData\Local\Windows Live
2015-10-04 09:37 - 2015-06-16 08:21 - 00000000 ____D C:\Program Files (x86)\Nutritious Video
2015-09-30 10:23 - 2013-06-07 17:27 - 00000000 ____D C:\My Designs
2015-09-29 13:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-29 11:28 - 2014-02-08 09:15 - 00000000 ____D C:\Users\blackie\AppData\Local\CrashDumps
2015-09-23 09:21 - 2014-09-17 09:49 - 00000000 ____D C:\Users\blackie\AppData\Local\Citrix
2015-09-23 09:20 - 2014-09-15 21:52 - 00000000 ____D C:\Users\blackie\AppData\Roaming\Verizon
2015-09-23 09:20 - 2014-09-15 20:09 - 00000000 ____D C:\Program Files (x86)\Verizon
2015-09-23 09:20 - 2013-06-09 19:08 - 00000000 ____D C:\ProgramData\McAfee
2015-09-23 09:18 - 2013-05-29 07:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-23 09:17 - 2013-05-29 08:03 - 00042330 _____ C:\Windows\RPSETUP.EXE.LOG
2015-09-23 09:10 - 2013-05-29 08:16 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-23 09:10 - 2013-05-29 08:16 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-11 19:06 - 2013-08-06 18:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-11 19:06 - 2013-08-06 18:51 - 00000000 ____D C:\ProgramData\Skype
2015-09-10 03:41 - 2009-07-14 00:45 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 03:37 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 03:18 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-09-17 10:17 - 2014-09-17 10:17 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-18 22:26 - 2015-02-15 12:38 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\blackie\MetricCollection.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-06 22:18

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by blackie (2015-10-09 05:12:50)
Running from C:\Users\blackie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-07 18:50:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2877198976-1275888466-3969009621-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2877198976-1275888466-3969009621-1004 - Limited - Enabled)
blackie (S-1-5-21-2877198976-1275888466-3969009621-1001 - Administrator - Enabled) => C:\Users\blackie
Guest (S-1-5-21-2877198976-1275888466-3969009621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2877198976-1275888466-3969009621-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
BERNINA Embroidery Software 5.0X (HKLM-x32\...\{1919D96B-79F5-465E-8D81-1C22C9A7CD57}) (Version: 5.0.0087 - BERNINA)
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.1.2 - BERNINA)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.58 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Embroidery Software (x32 Version: 5.0.0035 - BERNINA) Hidden
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IHA_MessageCenter (HKLM-x32\...\{C3300989-DAF5-4F3A-81FF-404729267C0B}) (Version: 2.0.63 - Verizon)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Verizon Internet Security Suite Multi-Device (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
Verizon Online Backup and Sharing for PC (HKLM-x32\...\{00CBEAB1-3FF4-4A94-AA71-237297D75526}) (Version: 5.1.24.11 - Verizon)
Verizon Online Share Drive (HKLM-x32\...\{62DE5981-F09F-49F5-9991-3C26DA81D740}) (Version: 2.1.41 - Verizon)
VzDownloadManager (HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
Windows Driver Package - Broadcom (BcmVWL) Net (10/21/2011 6.20.55.1) (HKLM\...\D3D5243E35F0E912D4EBC814E30F950D23D4C15B) (Version: 10/21/2011 6.20.55.1 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\blackie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\blackie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

23-09-2015 09:17:11 Removed Dell DataSafe Local Backup
04-10-2015 12:38:58 Windows Update
06-10-2015 21:49:34 JRT Pre-Junkware Removal
09-10-2015 03:00:12 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-10-07 21:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F99084A-5800-456E-9809-B1F4557CC0B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2705C588-C182-4817-9A28-A2E6E1BCE995} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04] (Google Inc.)
Task: {2C61FF8D-28A9-4503-922C-D584A70776AA} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {430BD47D-0F2F-4973-BFC3-BC43B2BB8AB2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {44580823-D961-4D1F-B33F-B39C9BF984F8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {854F8F45-C4B5-452D-8A60-479B3C29E587} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {86F0DE56-9132-42E9-B1E5-985842526FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-06] (Google Inc.)
Task: {960DEF9F-91A0-49A0-8847-62A68BA21047} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {9EFA125B-C3F1-4DB0-98A1-91B23AABBEB1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {A208D740-29B0-40F3-9332-B649C35EC2A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04] (Google Inc.)
Task: {B3BB99EA-7AB8-4B2C-B310-EB310B5F398C} - System32\Tasks\{928C353B-8F60-4122-A664-76CCAA08FD0C} => pcalua.exe -a C:\Users\blackie\AppData\Local\Temp\Temp1_BERNINAV5ServicePack3.zip\BERNINA_V5.0x_SP3.exe
Task: {E8E5A5C2-A1B4-4933-A844-798930B3B31D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001Core.job => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877198976-1275888466-3969009621-1001UA.job => C:\Users\blackie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-06-01 03:21 - 2013-06-01 03:21 - 02467328 _____ () C:\Program Files (x86)\Verizon\Verizon Online Share Drive\DigiData.Vault.VaultExplorer.dll
2015-06-23 10:46 - 2015-05-19 21:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-06-23 10:46 - 2015-05-19 21:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2015-10-04 12:57 - 2015-10-04 12:57 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\582f6038931a9b63060e663814d293d0\PSIClient.ni.dll
2013-05-29 07:50 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-10-04 13:13 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-04 13:13 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-04 13:13 - 2015-09-23 22:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\blackie\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\blackie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3BA5DE49-E252-46CB-9A40-75A7335034AC}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{4CFE4055-5CE9-4C5B-A1F2-F4A5D248CE4B}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{1C7D9723-12C2-4FE2-B63A-8DF00864FA5B}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDSendToExplorer.exe
FirewallRules: [{CCE63760-B5CB-4F72-B436-34AECD6ADAD1}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDSendToExplorer.exe
FirewallRules: [{01C04F14-8BE4-4365-A7E0-E4317B4FCCC9}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{B335C8BF-9240-4760-BFA6-A7D354360180}] => (Allow) C:\Program Files\Dell\DW WLAN Card\WFDTray.exe
FirewallRules: [{A1122A76-9871-45DF-B76A-DE8A17196B3E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B0B63C77-8203-4AED-A31B-70EFA1B6BD97}] => (Allow) LPort=2869
FirewallRules: [{68A186E7-0C69-4D2A-A266-5AD5BA35FF98}] => (Allow) LPort=1900
FirewallRules: [{A6096596-50D2-4DEC-BB52-4B81F428485C}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{F4B2F478-4377-4026-A37E-4399C15F5CDB}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{3F8F31F1-AB80-4799-820A-C7645F03152F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D8D9C48D-F4C4-4ECA-9DA9-3EA3B85E6CD2}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{EF54B964-0994-4E98-824D-1AA8A3B19458}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{27BF318F-FC09-424E-86C1-7FBD0068C4ED}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{059F65EC-86B0-43C1-8E0A-F13F49A3DF1B}] => (Allow) C:\Users\blackie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E14C5AEB-8756-41A4-A7E7-3E4FA08980BE}] => (Allow) LPort=50000
FirewallRules: [{12EF9473-9BB4-49DC-8F70-AE3B0E9851DE}] => (Allow) C:\Users\blackie\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{08B8C363-80D5-49FD-8C41-43218ACC6ED5}] => (Allow) C:\Users\blackie\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{4382AD19-C04F-4FB8-9034-B075A1266179}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{002D7E99-A02B-4178-9D29-CED05AA50D9B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{37C8CECF-18B7-4AA1-9597-0CF770DEC0AD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{89500882-5AEE-4030-8867-62C6C9BCDF7E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2A29FBB2-25D1-4791-B103-0EA4B9132AB9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E06B82E2-776B-4577-9AD4-4DA48692E245}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{22535498-1D67-4ECF-84CE-9B12335A3FD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4BCADB09-AFF7-45D1-B433-85A6BD2D2A22}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5311B9A1-021A-4E01-B4B0-1F0463B01A0E}] => (Allow) LPort=50001
FirewallRules: [{A3F31C1D-B86D-4BE1-AC87-1309274A8797}] => (Allow) LPort=50000
FirewallRules: [{458D16BA-5780-466D-8E0E-9A3AC1B09A07}] => (Allow) LPort=50001
FirewallRules: [{206C4FAF-E254-426D-8459-9CF8F5BEDEEA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2015 09:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 03:13:12 AM) (Source: UniversalCommunicationServer) (EventID: 0) (User: )
Description: Universal Communication Server Terminating: True
reason: System.UnhandledExceptionEventArgs
Stack: TraceEnvironment.XTrace+AssertionFailedException: unexpected message length 4
at TraceEnvironment.XTrace.Assert(Boolean aCondition, String aFormat, Object[] aObjects)
at UniversalCommunicationServer.ServerConnection.stateConnectedOnServerDataReceived(evServerDataReceived aEvent)
at MultiThreading.Reactive.MainLoop()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()

Error: (10/06/2015 09:39:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 08:50:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 07:47:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.10.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a0

Start Time: 01d10090b4cb5e67

Termination Time: 7

Application Path: C:\Users\blackie\Downloads\RogueKiller.exe

Report Id: 7d8a66a2-6c84-11e5-8ed8-9c2a70d2d4ee

Error: (10/06/2015 07:25:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 11:23:39 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (10/01/2015 11:37:21 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/30/2015 11:18:04 AM) (Source: MsiInstaller) (EventID: 1013) (User: blackie-PC)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (09/29/2015 11:27:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x24b8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3


System errors:
=============
Error: (10/09/2015 05:06:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/07/2015 09:13:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/07/2015 09:00:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (10/07/2015 08:58:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/07/2015 08:58:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/07/2015 08:58:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/07/2015 08:56:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/07/2015 08:52:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/07/2015 08:33:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/07/2015 05:18:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll


CodeIntegrity:
===================================
Date: 2015-10-07 20:56:52.388
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-07 20:56:52.310
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-13 11:57:53.937
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.927
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.917
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.907
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.827
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.817
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.817
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-13 11:57:53.797
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 63%
Total physical RAM: 3971.36 MB
Available physical RAM: 1443.94 MB
Total Virtual: 7940.91 MB
Available Virtual: 4904.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:355.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 05CB3CF8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.7 KB · Views: 1
Fix result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by blackie (2015-10-10 07:30:23) Run:1
Running from C:\Users\blackie\Desktop
Loaded Profiles: blackie (Available Profiles: blackie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> DefaultScope {E9F0A92A-9A7C-42B3-8103-B6144473DA1E} URL =
SearchScopes: HKU\S-1-5-21-2877198976-1275888466-3969009621-1001 -> {13F2BE50-5EC5-4187-95CD-A2F95AD7ED03} URL =
BHO: EnojoyCouppoin -> {0170af4d-cefd-4bfb-8680-9fa0f3775dd3} -> C:\Program Files (x86)\EnojoyCouppoin\9PQdFU2bLxsjUE.x64.dll No File
BHO: EnjOOyCoupon -> {1A41D1EA-6290-49B1-AB31-401D228E2F4F} -> C:\Program Files (x86)\EnjOOyCoupon\BEEIHt3LCZpQgG.x64.dll No File
BHO: 50CoUpOns -> {82F96EAC-0AEB-4C38-BB02-559085E5760D} -> C:\Program Files (x86)\50CoUpOns\v9aHGptg83lZ21.x64.dll No File
BHO: ExstraCOupoon -> {EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE} -> C:\Program Files (x86)\ExstraCOupoon\bsGpVOKllDXMVE.x64.dll No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPEC1B809F-CE26-4AC6-BC35-9F716494E205&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://searchy.easylifeapp.com/"
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-09-17 10:17 - 2014-09-17 10:17 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-18 22:26 - 2015-02-15 12:38 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
C:\Users\blackie\MetricCollection.dll
AlternateDataStreams: C:\Users\blackie\Downloads\noname.eml:OECustomProperty

*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2877198976-1275888466-3969009621-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13F2BE50-5EC5-4187-95CD-A2F95AD7ED03}" => key removed successfully
HKCR\CLSID\{13F2BE50-5EC5-4187-95CD-A2F95AD7ED03} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0170af4d-cefd-4bfb-8680-9fa0f3775dd3}" => key removed successfully
"HKCR\CLSID\{0170af4d-cefd-4bfb-8680-9fa0f3775dd3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A41D1EA-6290-49B1-AB31-401D228E2F4F}" => key removed successfully
"HKCR\CLSID\{1A41D1EA-6290-49B1-AB31-401D228E2F4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82F96EAC-0AEB-4C38-BB02-559085E5760D}" => key removed successfully
"HKCR\CLSID\{82F96EAC-0AEB-4C38-BB02-559085E5760D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE}" => key removed successfully
"HKCR\CLSID\{EFEB81BC-4E92-4ECC-9A71-BF58276CDDFE}" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
WinDefend => service removed successfully
catchme => service removed successfully
C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
C:\Users\blackie\MetricCollection.dll => moved successfully
C:\Users\blackie\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog 07:30:28 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
I'm temporarily away from that computer. I'll run these scans when I'm back with it and post my results then. Thank you for all of your help.
 
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome (45.0.2454.101)
Google Chrome (46.0.2490.71)
````````Process Check: objlist.exe by Laurent````````
Verizon Verizon Online Share Drive vewatch.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````






Farbar Service Scanner Version: 26-07-2015
Ran by blackie (administrator) on 17-10-2015 at 17:56:52
Running from "C:\Users\blackie\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thank you!!

Interesting note... all previous symptoms seem to have been eradicated. No popups, no loud audio ads, etc. But after a reboot, Chrome comes up with the Chrome Cleanup Tool, says something is making Chrome act strangely, and it sites Multiplug as it's target. Then it removes all settings, plugins and WoT. Is this ok? Should I just reinstall WoT? Or has something else gone wrong?

Thanks!!
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
784
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back