  1. #1
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0

    Help Please Malware / Adware / Spyware & Everythingyoucanthinkofware

    Trying to maintain sense of humor but really need help. Here are logs in order from HiJackThis, Malwarebytes, and SUPER Anti Spyware. I have McAfee running but not really sure what use it is since Malwarebytes is detecting several threats. The problems that are visible are Ads by deal4real, and something else that continually forces other pages to open telling me to call a certain number for tech support. Also windows popping up telling me some page that I don't recognize suggests updating Flash.

    Here are the logs.

    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:09:22 AM, on 3/21/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)

    FIREFOX: 36.0.3 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell Update\DellUpTray.exe
    C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Password Safe\pwsafe.exe
    C:\Users\Kevin\Downloads\HijackThis.exe
    C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ttopbUyero - {d4db9cd6-00a3-46e8-973c-ff235f5b5414} - C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.dll (file missing)
    O2 - BHO: ProoShopPierr - {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} - C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.dll (file missing)
    O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
    O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: McAfee Application Installer Cleanup (0152401426800445) (0152401426800445mcinstcleanup) - Unknown owner - C:\Windows\TEMP\015240~1.EXE (file missing)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Dell WMI Service - Unknown owner - C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: O2FLASH - Unknown owner - C:\Windows\System32\drivers\o2flash.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12251 bytes


    MALWAREBYTES

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 3/21/2015
    Scan Time: 9:50:27 AM
    Logfile: Malwarebytes log.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.03.21.04
    Rootkit Database: v2015.02.25.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Kevin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 389899
    Time Elapsed: 22 min, 24 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 1
    PUP.Optional.Multiplug, C:\Program Files (x86)\icanshop\icanshop.dll, Delete-on-Reboot, [b573291fcfbba195b79bd45a43bf6e92],

    Registry Keys: 15
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [7cacf5534941191ded868e744fb5cb35],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\SOFTWARE\INSTALLCORE, Quarantined, [998f7bcd8ffb0630a3a94ccca2630bf5],
    PUP.Optional.GetDiscountApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [81a75bed2c5e92a4928bfe9dc53e42be],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [77b162e688020432cf0dc9d218ebe020],

    Registry Values: 2
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [7aae311772189f97caa411311bea19e7]
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [998f7bcd8ffb0630a3a94ccca2630bf5]

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.Updater.A, C:\Users\Kevin\AppData\Roaming\UpdaterEX\UpdateProc, Quarantined, [4fd9361251397fb718bb7d11ef1416ea],
    PUP.Optional.GetDiscountApp.A, C:\ProgramData\GetDiscountApp, Quarantined, [81a75bed2c5e92a4928bfe9dc53e42be],
    PUP.Optional.CoupScanner.A, C:\Program Files (x86)\CoUpScannEr, Quarantined, [77b162e688020432cf0dc9d218ebe020],

    Files: 6
    PUP.Optional.Multiplug, C:\Program Files (x86)\icanshop\icanshop.dll, Delete-on-Reboot, [b573291fcfbba195b79bd45a43bf6e92],
    PUP.Optional.Updater.A, C:\Users\Kevin\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, Quarantined, [4fd9361251397fb718bb7d11ef1416ea],
    PUP.Optional.Updater.A, C:\Users\Kevin\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, Quarantined, [4fd9361251397fb718bb7d11ef1416ea],
    PUP.Optional.GetDiscountApp.A, C:\ProgramData\GetDiscountApp\GetDiscountApp.exe, Quarantined, [81a75bed2c5e92a4928bfe9dc53e42be],
    PUP.Optional.CoupScanner.A, C:\Program Files (x86)\CoUpScannEr\lzpdxHOFa47Nf5.dat, Quarantined, [77b162e688020432cf0dc9d218ebe020],
    PUP.Optional.CoupScanner.A, C:\Program Files (x86)\CoUpScannEr\lzpdxHOFa47Nf5.tlb, Quarantined, [77b162e688020432cf0dc9d218ebe020],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    SUPERANTISPYWARE

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/21/2015 at 09:29 AM

    Application Version : 6.0.1170
    Database Version : 11796

    Scan type : Complete Scan
    Total Scan Time : 00:13:26

    Operating System Information
    Windows 8.1 64-bit (Build 6.03.9200)
    UAC On - Limited User

    Memory items scanned : 919
    Memory threats detected : 0
    Registry items scanned : 59782
    Registry threats detected : 0
    File items scanned : 25002
    File threats detected : 111

    Adware.Tracking Cookie

    Adware.MultiPlug/Variant
    C:\PROGRAM FILES (X86)\PROOSHOPPIERR\VOEOTKGRRW1IKF.DLL
    C:\PROGRAM FILES (X86)\TTOPBUYERO\KOZ6X1QPL49NYD.DLL

    Adware.DealPly/Variant
    C:\USERS\KEVIN\APPDATA\ROAMING\UPDATEREX\UPDATEPROC\UPDATETASK.EXE

    ============================
    Unwanted Programs Detected
    ============================
    PC Utilities Pro - Optimizer Pro
    Vosteran Browser

    ============
    End of Log
    ============

  2. #2
    zep516 (Member, Spyware Fighter)
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hi! My name is zep516 and Welcome to help2togo
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!



    Download the version of this tool for your operating system.
    Farbar Recovery Scan Tool (64 bit)------This one for you. I need this on the desktop. Post both logs
    farbar-recovery-scan-tool/dl/81/Farbar Recovery Scan Tool (32 bit)
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please also paste it to your reply.

    Thanks
    Joe

  3. #3
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0

    Default

    Quote Originally Posted by zep516 View Post
    Hi! My name is zep516 and Welcome to help2togo
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!



    Download the version of this tool for your operating system.
    Farbar Recovery Scan Tool (64 bit)------This one for you. I need this on the desktop. Post both logs
    farbar-recovery-scan-tool/dl/81/Farbar Recovery Scan Tool (32 bit)
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please also paste it to your reply.

    Thanks
    Joe

  4. #4
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0

    FRST.TXT

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Kevin (administrator) on MCCOFFICE on 21-03-2015 12:11:45
    Running from C:\Users\Kevin\Downloads
    Loaded Profiles: Kevin (Available profiles: Kevin & lpmcc_000)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-12-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-24] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643576 2014-11-13] (McAfee, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] ( (Qualcomm®Atheros®))
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM -> DefaultScope {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> DefaultScope {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: ttopbUyero -> {d4db9cd6-00a3-46e8-973c-ff235f5b5414} -> C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.x64.dll [2015-03-14] ()
    BHO: ProoShopPierr -> {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} -> C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.x64.dll [2015-03-14] ()
    BHO-x32: ttopbUyero -> {d4db9cd6-00a3-46e8-973c-ff235f5b5414} -> C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.dll No File
    BHO-x32: ProoShopPierr -> {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} -> C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.dll No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-12-04] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-12-04] (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\86xhftjb.default
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF Homepage: hxxp://www.google.com/
    FF Keyword.URL: https://search.yahoo.com/search?fr=m...07D20150222&p=
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-12-04] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-12-04] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-31] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-31] (Google Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-28]
    FF Extension: deali4real - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\86xhftjb.default\Extensions\Xx2@p4Gsr.com [2015-03-15]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-22]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-22]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-31]
    CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31]
    CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-31]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-31]
    CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-31]
    CHR Extension: (Google Search) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-31]
    CHR Extension: (Google Sheets) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-31]
    CHR Extension: (SiteAdvisor) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-21]
    CHR Extension: (Spreed speed read the web) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2015-02-21]
    CHR Extension: (SaverPrao) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhnigdggiakfonmlffbackhnkidbeeee [2015-02-22]
    CHR Extension: (Bookmark) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm [2015-03-14]
    CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
    CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-31]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-22]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-22]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [147456 2013-12-27] () [File not signed]
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-06] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [660544 2014-12-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
    R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [604448 2014-12-17] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [228000 2014-12-19] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [312952 2014-12-20] (McAfee, Inc.)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [221320 2014-12-19] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-24] (Realtek Semiconductor)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    S2 0152401426800445mcinstcleanup; C:\Windows\TEMP\015240~1.EXE -cleanup -nolog [X]
    S2 3a73c61c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\icanshop\icanshop.dll",serv

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-29] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70984 2014-12-19] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [368904 2014-12-19] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [340192 2014-12-19] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [100080 2014-12-19] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82584 2014-12-19] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [532424 2014-12-19] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [886488 2014-12-19] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [482600 2014-11-08] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [100720 2014-11-08] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [349328 2014-12-19] (McAfee, Inc.)
    R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2w8x64.sys [208312 2013-12-12] (O2Micro )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-21 12:11 - 2015-03-21 12:12 - 00024291 _____ () C:\Users\Kevin\Downloads\FRST.txt
    2015-03-21 12:11 - 2015-03-21 12:11 - 00415232 _____ (Farbar) C:\Users\Kevin\Downloads\FSS.exe
    2015-03-21 12:11 - 2015-03-21 12:11 - 00000000 ____D () C:\FRST
    2015-03-21 12:05 - 2015-03-21 12:05 - 02095616 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
    2015-03-21 11:09 - 2015-03-21 11:14 - 00012253 _____ () C:\Users\Kevin\Downloads\hijackthis.log
    2015-03-21 11:00 - 2015-03-21 11:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kevin\Downloads\HijackThis.exe
    2015-03-21 10:26 - 2015-03-21 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-03-21 10:22 - 2015-03-21 10:22 - 00000000 ___RD () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-03-21 09:49 - 2015-03-21 10:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-21 09:49 - 2015-03-21 09:49 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-21 09:49 - 2015-03-21 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-21 09:49 - 2015-03-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-21 09:49 - 2015-03-21 09:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-21 09:49 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-21 09:49 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-21 09:49 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-21 09:47 - 2015-03-21 09:48 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kevin\Downloads\mbam-setup-2.1.4.1018.exe
    2015-03-21 09:13 - 2015-03-21 09:13 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-03-21 09:13 - 2015-03-21 09:13 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-21 09:13 - 2015-03-21 09:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-03-21 09:13 - 2015-03-21 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-03-21 09:13 - 2015-03-21 09:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-03-21 09:12 - 2015-03-21 09:12 - 21459360 _____ (SUPERAntiSpyware) C:\Users\Kevin\Downloads\SUPERAntiSpyware.exe
    2015-03-21 08:07 - 2015-03-21 08:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-20 10:05 - 2015-03-20 10:05 - 00000000 ___RD () C:\Users\lpmcc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-03-18 15:59 - 2015-03-20 11:03 - 00036864 _____ () C:\Users\lpmcc_000\Desktop\Laura 2014 Tax Worksheet 031815.xls
    2015-03-18 06:21 - 2015-03-18 06:21 - 00000477 _____ () C:\Users\lpmcc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Book (E).lnk
    2015-03-14 17:47 - 2015-03-21 09:38 - 00000000 ____D () C:\Program Files (x86)\ttopbUyero
    2015-03-14 17:47 - 2015-03-21 09:38 - 00000000 ____D () C:\Program Files (x86)\ProoShopPierr
    2015-03-14 17:47 - 2015-03-14 22:36 - 00000000 ____D () C:\Program Files (x86)\Bookmark
    2015-03-14 17:47 - 2015-03-14 22:35 - 00000000 ____D () C:\Program Files (x86)\deali4real
    2015-03-14 17:45 - 2015-03-14 17:45 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
    2015-03-14 16:35 - 2015-03-14 16:35 - 00000000 ____D () C:\Users\lpmcc_000\AppData\Roaming\Mozilla
    2015-03-14 16:35 - 2015-03-14 16:35 - 00000000 ____D () C:\Users\lpmcc_000\AppData\Local\Mozilla
    2015-03-14 16:20 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-03-14 16:20 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-03-14 16:20 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
    2015-03-14 16:20 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-03-14 16:20 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
    2015-03-14 16:20 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
    2015-03-14 16:20 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
    2015-03-14 16:20 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
    2015-03-14 16:20 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2015-03-14 16:20 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2015-03-14 16:19 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-14 16:19 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-14 16:19 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-14 16:19 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-14 16:19 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-14 16:19 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-14 16:19 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-03-14 16:19 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-14 16:19 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-14 16:19 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-14 16:19 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-14 16:19 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-14 16:19 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-14 16:19 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-14 16:19 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-14 16:19 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-03-14 16:19 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-14 16:19 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-14 16:19 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-14 16:19 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-14 16:19 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-14 16:19 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-03-14 16:19 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-14 16:19 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-14 16:19 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-14 16:19 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-03-14 16:19 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-03-14 16:19 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-03-14 16:19 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-14 16:19 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-14 16:19 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-14 16:19 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-14 16:19 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-14 16:19 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-03-14 16:19 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-03-14 16:19 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-14 16:19 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-03-14 16:19 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-14 16:19 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-14 16:19 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-14 16:19 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-14 16:19 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-14 16:19 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-14 16:19 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-14 16:19 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-14 16:19 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-14 16:19 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2015-03-14 16:19 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2015-03-14 16:19 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-03-14 16:19 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-03-14 16:19 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-03-14 16:19 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2015-03-14 16:19 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2015-03-14 16:19 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
    2015-03-14 16:19 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
    2015-03-14 16:19 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-14 16:19 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
    2015-03-14 16:19 - 2015-01-29 23:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
    2015-03-14 16:19 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
    2015-03-14 16:19 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
    2015-03-14 16:19 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
    2015-03-14 16:19 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
    2015-03-14 16:19 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
    2015-03-14 16:19 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
    2015-03-14 16:19 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
    2015-03-14 16:19 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
    2015-03-14 16:19 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
    2015-03-14 16:19 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
    2015-03-14 16:19 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
    2015-03-14 16:19 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
    2015-03-14 16:19 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
    2015-03-14 16:19 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-14 16:19 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-14 16:19 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
    2015-03-14 16:19 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
    2015-03-14 16:19 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-03-14 16:19 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-03-14 16:19 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2015-03-14 16:19 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-03-14 16:19 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-03-14 16:19 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2015-03-14 16:19 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2015-03-14 16:19 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-03-14 16:19 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-14 16:19 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-03-14 16:19 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-03-14 16:19 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
    2015-03-14 16:19 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
    2015-03-14 16:19 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-14 16:19 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-14 16:19 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2015-03-14 16:19 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2015-03-14 16:19 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-14 16:19 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-14 16:19 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-14 16:19 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-14 16:19 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
    2015-03-14 16:19 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-03-14 16:19 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-14 16:19 - 2014-10-28 22:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2015-03-14 16:19 - 2014-10-28 22:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
    2015-03-14 16:19 - 2014-10-28 22:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2015-03-14 16:19 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-14 16:19 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-14 16:19 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
    2015-03-14 16:19 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
    2015-03-14 16:19 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
    2015-03-14 16:19 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
    2015-03-14 16:19 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
    2015-03-14 16:19 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
    2015-03-14 16:19 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-14 16:19 - 2014-10-28 22:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
    2015-03-14 16:19 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-14 16:19 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-14 16:19 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
    2015-03-14 16:19 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
    2015-03-14 16:19 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2015-03-14 16:19 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
    2015-03-14 16:19 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
    2015-03-14 16:19 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
    2015-03-14 16:19 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2015-03-14 16:19 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
    2015-03-14 16:19 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
    2015-03-14 16:19 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2015-03-14 16:19 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
    2015-03-14 16:19 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-03-14 16:19 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
    2015-03-14 16:19 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
    2015-03-14 16:19 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
    2015-03-14 16:19 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
    2015-03-09 14:12 - 2015-03-20 10:04 - 00000020 _____ () C:\Users\lpmcc_000\AppData\Roaming\appdataFr3.bin
    2015-02-25 03:06 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-25 03:06 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls
    2015-02-25 03:06 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-02-25 03:06 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2015-02-25 03:06 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-02-25 03:06 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2015-02-22 19:55 - 2015-02-22 19:55 - 22724608 _____ () C:\Users\Kevin\Desktop\QDATA_2012_20150104-2015-02-22.QDF-backup
    2015-02-22 18:21 - 2015-03-01 05:17 - 00000000 ____D () C:\Users\Kevin\Documents\Financial
    2015-02-22 12:01 - 2015-03-21 12:01 - 00000000 ____D () C:\Users\Kevin\Documents\My Safes
    2015-02-22 10:53 - 2015-03-21 10:57 - 00000000 ____D () C:\Users\Kevin\AppData\Local\PasswordSafe
    2015-02-22 10:52 - 2015-02-22 10:52 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
    2015-02-22 10:52 - 2015-02-22 10:52 - 00000000 ____D () C:\Program Files (x86)\Password Safe
    2015-02-22 10:37 - 2015-02-22 10:37 - 00000000 ____D () C:\Users\Kevin\Documents\OneNote Notebooks
    2015-02-22 09:49 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2015-02-22 09:48 - 2015-02-22 09:48 - 00000000 ____D () C:\Program Files\McAfee.com
    2015-02-22 09:48 - 2015-02-22 09:48 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
    2015-02-22 09:47 - 2015-03-19 17:27 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2015-02-22 09:47 - 2015-02-22 09:49 - 00000000 ____D () C:\Program Files\McAfee
    2015-02-22 09:44 - 2015-02-22 16:00 - 00000000 ____D () C:\ProgramData\McAfee
    2015-02-22 09:44 - 2015-02-22 09:49 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2015-02-22 09:44 - 2014-12-19 11:51 - 00221320 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    2015-02-22 08:53 - 2015-02-22 08:53 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Intuit_Inc
    2015-02-22 08:27 - 2015-02-22 08:27 - 00000000 ____D () C:\Users\Kevin\AppData\Local\IsolatedStorage
    2015-02-22 08:27 - 2015-02-22 08:27 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Intuit
    2015-02-22 08:21 - 2015-02-22 08:21 - 00000000 ____D () C:\Users\Kevin\Documents\Quicken
    2015-02-22 08:16 - 2015-02-22 13:29 - 00000000 ____D () C:\Program Files (x86)\Quicken
    2015-02-22 08:16 - 2015-02-22 08:16 - 00000126 _____ () C:\Windows\QUICKEN.INI
    2015-02-22 08:16 - 2015-02-22 08:16 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Intuit
    2015-02-22 08:16 - 2015-02-22 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
    2015-02-22 08:16 - 2014-09-30 00:45 - 09065688 _____ (Amyuni Technologies Amyuni | Quality PDF Developer Tools for .NET and COM, 64-bit SDK) C:\Windows\system32\cdintf500_64.dll
    2015-02-22 08:16 - 2014-09-30 00:45 - 07280344 _____ (Amyuni Technologies Amyuni | Quality PDF Developer Tools for .NET and COM, 64-bit SDK) C:\Windows\SysWOW64\cdintf500.dll
    2015-02-22 08:15 - 2015-02-22 08:15 - 00000000 ____D () C:\ProgramData\Intuit
    2015-02-22 07:44 - 2015-02-22 07:44 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Mozilla
    2015-02-22 07:44 - 2015-02-22 07:44 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Mozilla
    2015-02-22 07:43 - 2015-03-21 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-22 07:43 - 2015-02-22 07:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-22 07:43 - 2015-02-22 07:43 - 00000000 ____D () C:\ProgramData\Mozilla
    2015-02-22 07:23 - 2015-02-22 07:24 - 00000000 ____D () C:\Program Files (x86)\SaverPrao
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\Spreed speed read the web
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\downoloaditkeep
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\DiscounutLocatoor
    2015-02-21 14:57 - 2015-03-14 22:36 - 00000000 ____D () C:\Program Files (x86)\websaaver
    2015-02-21 14:57 - 2015-03-14 17:47 - 00000000 ____D () C:\ProgramData\2963108574414972075
    2015-02-21 14:40 - 2015-03-21 08:33 - 00000020 _____ () C:\Users\Kevin\AppData\Roaming\appdataFr3.bin
    2015-02-21 03:47 - 2015-03-21 10:17 - 00000000 ____D () C:\Program Files (x86)\icanshop
    2015-02-19 19:16 - 2015-02-19 19:16 - 00000000 __SHD () C:\Users\lpmcc_000\AppData\Local\EmieBrowserModeList

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-21 12:13 - 2015-01-31 22:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-21 12:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-03-21 11:54 - 2015-01-31 17:33 - 01964386 _____ () C:\Windows\WindowsUpdate.log
    2015-03-21 11:26 - 2015-01-31 21:25 - 00000312 _____ () C:\Windows\Tasks\UpdaterEX.job
    2015-03-21 11:04 - 2015-01-31 15:39 - 00000000 ____D () C:\Users\Kevin\AppData\Local\VirtualStore
    2015-03-21 10:46 - 2015-01-31 15:57 - 00004976 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for McCoffice-Kevin McCoffice
    2015-03-21 10:27 - 2015-01-31 15:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2823876462-3312237852-4168697733-1001
    2015-03-21 10:22 - 2015-01-31 22:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-21 10:22 - 2015-01-31 15:43 - 00000000 __RDO () C:\Users\Kevin\OneDrive
    2015-03-21 10:22 - 2014-03-18 05:53 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-21 10:20 - 2014-08-29 14:18 - 00044467 _____ () C:\Windows\SysWOW64\Gms.log
    2015-03-21 10:18 - 2013-08-22 10:46 - 00025898 _____ () C:\Windows\setupact.log
    2015-03-21 10:17 - 2014-03-18 05:44 - 00014312 _____ () C:\Windows\PFRO.log
    2015-03-21 10:17 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-21 10:17 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-03-21 10:16 - 2015-01-31 21:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\UpdaterEX
    2015-03-21 10:02 - 2015-01-31 15:48 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB0D65C8-113F-4C0B-B250-116CC74C4CF2}
    2015-03-21 07:10 - 2015-01-31 15:57 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2823876462-3312237852-4168697733-1001
    2015-03-20 10:27 - 2015-01-31 16:09 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2823876462-3312237852-4168697733-1002
    2015-03-20 10:04 - 2015-01-31 16:05 - 00000000 ___DO () C:\Users\lpmcc_000\OneDrive
    2015-03-20 05:58 - 2015-01-31 15:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-18 17:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
    2015-03-15 08:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-03-14 17:45 - 2015-02-18 18:51 - 00003592 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2015-03-14 17:44 - 2015-02-18 18:51 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
    2015-03-14 17:26 - 2013-08-22 10:44 - 00492000 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-03-14 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-03-14 17:03 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-03-14 17:02 - 2015-02-02 18:00 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-14 16:59 - 2015-02-02 18:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-14 16:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-03-14 16:08 - 2015-01-31 16:07 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{66A7A489-5423-4469-A2F2-A7EA81531D6E}
    2015-03-04 17:24 - 2015-02-03 05:45 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-04 17:24 - 2015-02-03 05:45 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-26 06:27 - 2014-08-23 15:20 - 00000000 ___HD () C:\DELL
    2015-02-22 09:48 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2015-02-21 14:40 - 2015-01-31 15:40 - 00000000 ____D () C:\Users\Kevin\Documents\Bluetooth Folder
    2015-02-21 03:47 - 2015-02-01 08:55 - 00000000 ____D () C:\ProgramData\b3c5f05c00006dfc
    2015-02-19 19:35 - 2015-02-02 18:34 - 00000000 ____D () C:\Users\lpmcc_000\AppData\Local\CrashDumps

    ==================== Files in the root of some directories =======

    2015-02-21 14:40 - 2015-03-21 08:33 - 0000020 _____ () C:\Users\Kevin\AppData\Roaming\appdataFr3.bin
    2014-08-29 13:54 - 2014-08-29 13:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-08-29 14:05 - 2014-08-29 14:06 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2014-08-29 14:02 - 2014-08-29 14:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2014-08-29 14:03 - 2014-08-29 14:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2014-08-29 14:04 - 2014-08-29 14:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2014-08-29 14:01 - 2014-08-29 14:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-20 07:51

    ==================== End Of Log ============================

    ADDITION.TXT

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Kevin at 2015-03-21 12:13:27
    Running from C:\Users\Kevin\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Bookmark (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - "") <==== ATTENTION
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    deali4real (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version: - "")
    Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
    Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    DELLOSD (HKLM-x32\...\{AC950530-9F3B-4D94-8BEF-C84A77869AF4}) (Version: 1.0.0.0 - DELL)
    Extended Update (HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    icanshop (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3a73c61c}) (Version: - Software Publisher) <==== ATTENTION
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}) (Version: 4.2.41.2633 - Intel Corporation)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.207 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.141 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Mozilla Firefox 36.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.3 (x86 en-US)) (Version: 36.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{E481F75F-6859-4DE8-A812-3084F6017501}) (Version: 3.0.08.31 - O2Micro International LTD.)
    O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.31 - O2Micro International LTD.) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Password Safe (HKLM-x32\...\Password Safe) (Version: - )
    ProoShopPierr (HKLM-x32\...\{8F213470-964F-4092-6B31-BC7570F31B5A}) (Version: - ProShopper) <==== ATTENTION
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
    Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.4.19 - Intuit)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
    ttopbUyero (HKLM-x32\...\{FE139F4C-CE5B-121A-8A2D-191FA2226094}) (Version: - "") <==== ATTENTION

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    25-02-2015 04:45:48 Windows Update
    08-03-2015 06:13:35 Scheduled Checkpoint
    14-03-2015 16:57:17 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0FC4CEAF-DC20-43CC-953B-C89901C54FCD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {2B320387-F6D7-4017-B368-BEA7D5D90C68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
    Task: {316BA227-A35D-4743-80E5-4BF1B3391159} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {3ABADF16-2365-4CCC-8BAA-6F79165B1E5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
    Task: {4A073256-08FA-4A76-B6F6-BBEF205D949D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2823876462-3312237852-4168697733-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {5224BC7D-72E5-4FB7-A635-0B13181A9BB5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
    Task: {67F47F56-566A-4D70-BE7D-B162909F1BD3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-14] (Microsoft Corporation)
    Task: {81B111E2-E088-4A13-A7CE-B3EDAD3B64D2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {92D560AF-D7CA-4484-9484-F15854978F69} - System32\Tasks\UpdaterEX => C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {92E5D009-31BB-4B83-BDF9-E7E2372A1C53} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {A8C3E597-6559-410A-A73C-48259624382B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
    Task: {ACAFFB4A-5B95-4B7D-B78A-866BB83274DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {B3F8DBC6-C160-484F-8B83-F9DE51F9B83E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
    Task: {D1D3C4CB-CB51-4065-9FAE-6F83C97D2697} - System32\Tasks\Microsoft Office 15 Sync Maintenance for McCoffice-Kevin McCoffice => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
    Task: {D88ADF99-8774-4F23-A07C-023491B983C2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-31 15:51 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-08-29 14:09 - 2013-12-27 17:12 - 00147456 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    2013-11-07 20:12 - 2013-11-07 20:12 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-11-07 20:12 - 2013-11-07 20:12 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-11-07 20:12 - 2013-11-07 20:12 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2014-08-29 14:09 - 2013-12-27 17:00 - 00540672 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    2015-03-18 16:25 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-11-29 02:19 - 2013-11-29 02:19 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-11-29 02:16 - 2013-11-29 02:16 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2013-11-29 02:22 - 2013-11-29 02:22 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    2014-04-03 19:48 - 2014-04-03 19:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-01-31 21:20 - 2015-01-31 21:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2015-01-31 21:17 - 2015-01-31 21:17 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-08-29 14:02 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-01-31 22:08 - 2015-01-26 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
    2015-01-31 22:08 - 2015-01-26 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
    2015-01-31 22:08 - 2015-01-26 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
    2015-02-06 10:47 - 2015-02-03 13:22 - 14964912 _____ () C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Kevin\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\lpmcc_000\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2823876462-3312237852-4168697733-500 - Administrator - Disabled)
    Guest (S-1-5-21-2823876462-3312237852-4168697733-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2823876462-3312237852-4168697733-1004 - Limited - Enabled)
    Kevin (S-1-5-21-2823876462-3312237852-4168697733-1001 - Administrator - Enabled) => C:\Users\Kevin
    lpmcc_000 (S-1-5-21-2823876462-3312237852-4168697733-1002 - Limited - Enabled) => C:\Users\lpmcc_000

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/19/2015 10:21:14 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

    Error: (03/14/2015 05:27:45 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

    Error: (03/14/2015 05:27:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

    Error: (02/25/2015 04:58:25 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MCCOFFICE)
    Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

    Error: (02/21/2015 02:36:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (02/21/2015 03:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (02/19/2015 07:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: igd10iumd32.dll, version: 10.18.10.3379, time stamp: 0x52b20a9b
    Exception code: 0xc0000005
    Fault offset: 0x000e1233
    Faulting process id: 0x3b14
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (02/19/2015 07:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 4280

    Start Time: 01d04c9b7e8e2156

    Termination Time: 62

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id: 424d014a-b88f-11e4-8261-645a04cfb619

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/19/2015 04:02:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program BackgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 11d8

    Start Time: 01d04bce52382b33

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\BackgroundTaskHost.exe

    Report Id: 9b340faa-b80d-11e4-8261-645a04cfb619

    Faulting package full name: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: AppexNews

    Error: (02/19/2015 04:02:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program BackgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: bcc

    Start Time: 01d04bce523a8cec

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\BackgroundTaskHost.exe

    Report Id: 9b3436ba-b80d-11e4-8261-645a04cfb619

    Faulting package full name: Microsoft.BingFinance_3.0.4.298_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: AppexFinance


    System errors:
    =============
    Error: (03/21/2015 10:18:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the icanshop service to connect.

    Error: (03/20/2015 05:48:42 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (03/15/2015 05:23:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (03/08/2015 07:20:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (02/22/2015 07:58:36 PM) (Source: DCOM) (EventID: 10010) (User: MCCOFFICE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (02/22/2015 07:58:36 PM) (Source: DCOM) (EventID: 10010) (User: MCCOFFICE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (02/22/2015 09:51:46 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/21/2015 02:57:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}

    Error: (02/17/2015 11:52:07 PM) (Source: DCOM) (EventID: 10010) (User: MCCOFFICE)
    Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (02/17/2015 11:52:07 PM) (Source: DCOM) (EventID: 10010) (User: MCCOFFICE)
    Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


    Microsoft Office Sessions:
    =========================
    Error: (03/19/2015 10:21:14 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: 0x8898008d

    Error: (03/14/2015 05:27:45 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

    Error: (03/14/2015 05:27:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

    Error: (02/25/2015 04:58:25 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MCCOFFICE)
    Description: 3C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface

    Error: (02/21/2015 02:36:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (02/21/2015 03:47:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (02/19/2015 07:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9igd10iumd32.dll10.18.10.337952b20a9bc0000005000e12333b1401d04c9c51943279C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\igd10iumd32.dlle7ebd7ba-b88f-11e4-8261-645a04cfb619

    Error: (02/19/2015 07:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE11.0.9600.17416428001d04c9b7e8e215662C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE424d014a-b88f-11e4-8261-645a04cfb619

    Error: (02/19/2015 04:02:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: BackgroundTaskHost.exe6.3.9600.1638411d801d04bce52382b334294967295C:\Windows\System32\BackgroundTaskHost.exe9b340faa-b80d-11e4-8261-645a04cfb619Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbweAppexNews

    Error: (02/19/2015 04:02:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: BackgroundTaskHost.exe6.3.9600.16384bcc01d04bce523a8cec4294967295C:\Windows\System32\BackgroundTaskHost.exe9b3436ba-b80d-11e4-8261-645a04cfb619Microsoft.BingFinance_3.0.4.298_x64__8wekyb3d8bbweAppexFinance

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,
    First

    Please remove these programs listed below:
    • Bookmark
    • Extended Update
    • icanshop
    • ProoShopPierr
    • ttopbUyero


    If a program will not remove, move to the next instruction please.

    Next
    Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.

    To do that:
    • Navigate to your downloads folder --> C:\Users\Kevin\Downloads
    • In the downloads folder find FRST
    • Right click on it, choose Cut
    • Go back to the desktop.
    • On an empty space right click, choose Paste.
    • Farbar will now have been successfully moved to the desktop.


    Now
    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad. Just what's in the box, not the word code, carefully getting it all.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM -> DefaultScope {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> DefaultScope {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    BHO: ttopbUyero -> {d4db9cd6-00a3-46e8-973c-ff235f5b5414} -> C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.x64.dll [2015-03-14] ()
    BHO: ProoShopPierr -> {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} -> C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.x64.dll [2015-03-14] ()
    BHO-x32: ttopbUyero -> {d4db9cd6-00a3-46e8-973c-ff235f5b5414} -> C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.dll No File
    BHO-x32: ProoShopPierr -> {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} -> C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.dll No File
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
    c:\program files\dell\supportassist\pcdsrvc_x64.pkms 
    2015-03-14 17:47 - 2015-03-21 09:38 - 00000000 ____D () C:\Program Files (x86)\ttopbUyero
    2015-03-14 17:47 - 2015-03-21 09:38 - 00000000 ____D () C:\Program Files (x86)\ProoShopPierr
    2015-03-14 17:47 - 2015-03-14 22:36 - 00000000 ____D () C:\Program Files (x86)\Bookmark
    2015-03-14 17:47 - 2015-03-14 22:35 - 00000000 ____D () C:\Program Files (x86)\deali4real
    2015-03-14 17:45 - 2015-03-14 17:45 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
    C:\Program Files (x86)\ttopbUyero
    C:\Program Files (x86)\ProoShopPierr
    C:\Program Files (x86)\Bookmark
    C:\Program Files (x86)\deali4real
    C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
    2015-02-22 07:23 - 2015-02-22 07:24 - 00000000 ____D () C:\Program Files (x86)\SaverPrao
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\Spreed speed read the web
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\downoloaditkeep
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\DiscounutLocatoor
    2015-02-21 14:57 - 2015-03-14 22:36 - 00000000 ____D () C:\Program Files (x86)\websaaver
    2015-02-21 14:57 - 2015-03-14 17:47 - 00000000 ____D () C:\ProgramData\2963108574414972075
    C:\Program Files (x86)\SaverPrao
    C:\Program Files (x86)\Spreed speed read the web
    C:\Program Files (x86)\downoloaditkeep
    C:\Program Files (x86)\DiscounutLocatoor
    C:\ProgramData\2963108574414972075
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {92D560AF-D7CA-4484-9484-F15854978F69} - System32\Tasks\UpdaterEX => C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE 
    C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:
    end
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


    Please post the Fixlog.txt in your next reply. That log will be on the desktop after the fix runs.

    Joe

  6. #6
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0

    Default

    Here is the fixlog.txt.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Kevin at 2015-03-21 16:39:07 Run:1
    Running from C:\Users\Kevin\Desktop
    Loaded Profiles: Kevin (Available profiles: Kevin & lpmcc_000)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\MICROSOFT\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.MSN.com/?pc=DCJB
    SearchScopes: HKLM -> DefaultScope {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> DefaultScope {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> {4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0ByEzztAtC0B0C0DyB0BtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtAyCyDzztCyByEtG0DyC0CyCtGyBzz0AtCtG0F0AtD0EtGtBzyyCtAyE0A0FtB0EtByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AtB0AyDtD0EtCtG0AtDtC0DtGyE0CtCtDtGzy0DyEyBtG0E0B0DyDtAtD0FtB0DtC0Azy2Q&cr=1955929839&ir=
    SearchScopes: HKU\S-1-5-21-2823876462-3312237852-4168697733-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: ttopbUyero -> {d4db9cd6-00a3-46e8-973c-ff235f5b5414} -> C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.x64.dll [2015-03-14] ()
    BHO: ProoShopPierr -> {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} -> C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.x64.dll [2015-03-14] ()
    BHO-x32: ttopbUyero -> {d4db9cd6-00a3-46e8-973c-ff235f5b5414} -> C:\Program Files (x86)\ttopbUyero\koZ6x1Qpl49Nyd.dll No File
    BHO-x32: ProoShopPierr -> {ee6759d8-3bf4-4223-b4bf-30b1c10b48cf} -> C:\Program Files (x86)\ProoShopPierr\vOeoTkGrRw1iKF.dll No File
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\DELL\supportassist\pcdsrvc_x64.pkms [X]
    c:\program files\dell\supportassist\pcdsrvc_x64.pkms
    2015-03-14 17:47 - 2015-03-21 09:38 - 00000000 ____D () C:\Program Files (x86)\ttopbUyero
    2015-03-14 17:47 - 2015-03-21 09:38 - 00000000 ____D () C:\Program Files (x86)\ProoShopPierr
    2015-03-14 17:47 - 2015-03-14 22:36 - 00000000 ____D () C:\Program Files (x86)\Bookmark
    2015-03-14 17:47 - 2015-03-14 22:35 - 00000000 ____D () C:\Program Files (x86)\deali4real
    2015-03-14 17:45 - 2015-03-14 17:45 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
    C:\Program Files (x86)\ttopbUyero
    C:\Program Files (x86)\ProoShopPierr
    C:\Program Files (x86)\Bookmark
    C:\Program Files (x86)\deali4real
    C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
    2015-02-22 07:23 - 2015-02-22 07:24 - 00000000 ____D () C:\Program Files (x86)\SaverPrao
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\Spreed speed read the web
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\downoloaditkeep
    2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Program Files (x86)\DiscounutLocatoor
    2015-02-21 14:57 - 2015-03-14 22:36 - 00000000 ____D () C:\Program Files (x86)\websaaver
    2015-02-21 14:57 - 2015-03-14 17:47 - 00000000 ____D () C:\ProgramData\2963108574414972075
    C:\Program Files (x86)\SaverPrao
    C:\Program Files (x86)\Spreed speed read the web
    C:\Program Files (x86)\downoloaditkeep
    C:\Program Files (x86)\DiscounutLocatoor
    C:\ProgramData\2963108574414972075
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {92D560AF-D7CA-4484-9484-F15854978F69} - System32\Tasks\UpdaterEX => C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
    C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:
    end
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1}" => Key deleted successfully.
    HKCR\CLSID\{4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1}" => Key deleted successfully.
    HKCR\CLSID\{4FBEE0EF-DA96-4972-A0A9-AF3C0B3EE1E1} => Key not found.
    "HKU\S-1-5-21-2823876462-3312237852-4168697733-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
    HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4db9cd6-00a3-46e8-973c-ff235f5b5414}" => Key deleted successfully.
    "HKCR\CLSID\{d4db9cd6-00a3-46e8-973c-ff235f5b5414}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee6759d8-3bf4-4223-b4bf-30b1c10b48cf}" => Key deleted successfully.
    "HKCR\CLSID\{ee6759d8-3bf4-4223-b4bf-30b1c10b48cf}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4db9cd6-00a3-46e8-973c-ff235f5b5414}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{d4db9cd6-00a3-46e8-973c-ff235f5b5414}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee6759d8-3bf4-4223-b4bf-30b1c10b48cf}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{ee6759d8-3bf4-4223-b4bf-30b1c10b48cf}" => Key deleted successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service deleted successfully.
    c:\program files\dell\supportassist\pcdsrvc_x64.pkms => Moved successfully.
    C:\Program Files (x86)\ttopbUyero => Moved successfully.
    C:\Program Files (x86)\ProoShopPierr => Moved successfully.
    C:\Program Files (x86)\Bookmark => Moved successfully.
    C:\Program Files (x86)\deali4real => Moved successfully.
    C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531} => Moved successfully.
    "C:\Program Files (x86)\ttopbUyero" => File/Directory not found.
    "C:\Program Files (x86)\ProoShopPierr" => File/Directory not found.
    "C:\Program Files (x86)\Bookmark" => File/Directory not found.
    "C:\Program Files (x86)\deali4real" => File/Directory not found.
    "C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}" => File/Directory not found.
    C:\Program Files (x86)\SaverPrao => Moved successfully.
    C:\Program Files (x86)\Spreed speed read the web => Moved successfully.
    C:\Program Files (x86)\downoloaditkeep => Moved successfully.
    C:\Program Files (x86)\DiscounutLocatoor => Moved successfully.
    C:\Program Files (x86)\websaaver => Moved successfully.
    C:\ProgramData\2963108574414972075 => Moved successfully.
    "C:\Program Files (x86)\SaverPrao" => File/Directory not found.
    "C:\Program Files (x86)\Spreed speed read the web" => File/Directory not found.
    "C:\Program Files (x86)\downoloaditkeep" => File/Directory not found.
    "C:\Program Files (x86)\DiscounutLocatoor" => File/Directory not found.
    "C:\ProgramData\2963108574414972075" => File/Directory not found.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeaack" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeavfk" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfemms" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => Key deleted successfully.
    C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D560AF-D7CA-4484-9484-F15854978F69}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D560AF-D7CA-4484-9484-F15854978F69}" => Key deleted successfully.
    C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
    "C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE" => File/Directory not found.
    "C:\Users\Kevin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE" => File/Directory not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.1 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 16:42:11 ====
    Have a GREAT Day!
    Cocimon

  7. #7
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0


    Joe, thought things were looking good but then I got some of the same activity. I have some JPEGs of the stuff that is popping up if that would help.

  8. #8
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Just got started, lots to do yet....

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply, post:

    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log


    Thanks
    Joe

  9. #9
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0


    Joe, I downloaded and ran adwcleaner.exe, and then clicked SCAN. Walked away, came back in a couple minutes and the application indicates "Waiting for Action. Please uncheck elements you want to keep." I don't see a REPORT button. What should I do?
    Have a GREAT Day!
    Cocimon

  10. #10
    Member
    Join Date
    Aug 2004
    Posts
    27
    Points
    0


    Note, there is a LOGFILE button
    Have a GREAT Day!
    Cocimon
