CDG2016

Everything posted by CDG2016

  1. <?xml version="1.0" encoding="UTF-8"?>
     <logs>
       <record toVersion="2016.9.13.1" name="IP Database" last_modified_tag="6d4c6336-6e63-40b5-a35e-555d59f19fdb" fromVersion="2016.9.10.1" systemname="RTK-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-09-13T06:43:25.106069-07:00" LoggingEventType="1" severity="debug"/>
       <record toVersion="2016.9.13.1" name="Domain Database" last_modified_tag="919eeac0-55bc-41a1-a942-f85c98501b2b" fromVersion="2016.9.10.1" systemname="RTK-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-09-13T06:43:27.414873-07:00" LoggingEventType="1" severity="debug"/>
       <record toVersion="2016.9.13.8" name="Malware Database" last_modified_tag="78ede3b6-2cc4-4f85-9832-0b705f53a19a" fromVersion="2016.9.10.7" systemname="RTK-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-09-13T06:43:37.508090-07:00" LoggingEventType="1" severity="debug"/>
       <record last_modified_tag="cff80d6f-043e-4449-8066-06b604989430" systemname="RTK-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2016-09-13T07:15:56.368907-07:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="1929" starttime="2016-09-13T06:43:47-07:00" scantype="threat"/>
     </logs>

     <?xml version="1.0" encoding="UTF-16"?>
     <mbam-log>
       <header>
         <date>2016/09/13 06:43:47 -0700</date>
         <logfile>mbam-log-2016-09-13 (06-43-43).xml</logfile>
         <isadmin>yes</isadmin>
       </header>
       <engine>
         <version>2.2.1.1043</version>
         <malware-database>v2016.09.13.08</malware-database>
         <rootkit-database>v2016.08.15.01</rootkit-database>
         <license>free</license>
         <file-protection>disabled</file-protection>
         <web-protection>disabled</web-protection>
         <self-protection>disabled</self-protection>
       </engine>
       <system>
         <hostname>RTK-PC</hostname>
         <ip>10.0.0.178</ip>
         <osversion>Windows 7 Service Pack 1</osversion>
         <arch>x64</arch>
         <username>doug</username>
         <filesys>NTFS</filesys>
       </system>
       <summary>
         <type>threat</type>
         <result>completed</result>
         <objects>345746</objects>
         <time>1929</time>
         <processes>0</processes>
         <modules>0</modules>
         <keys>0</keys>
         <values>0</values>
         <datas>0</datas>
         <folders>0</folders>
         <files>0</files>
         <sectors>0</sectors>
       </summary>
       <options>
         <memory>enabled</memory>
         <startup>enabled</startup>
         <filesystem>enabled</filesystem>
         <archives>enabled</archives>
         <rootkits>enabled</rootkits>
         <deeprootkit>disabled</deeprootkit>
         <heuristics>enabled</heuristics>
         <pup>enabled</pup>
         <pum>enabled</pum>
       </options>
       <items> </items>
     </mbam-log>

     How does this look? seems to be running good.....
  2. <logs>
       <record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:25.153256-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.12.1" last_modified_tag="356eeb72-4dbf-499b-a089-a1b7ee534bea" name="Remediation Database" toVersion="2016.8.31.1"/>
       <record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:25.231257-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.8.1" last_modified_tag="7bfcd6e1-5ae8-4671-b4a6-bffa7c92bf33" name="Rootkit Database" toVersion="2016.8.15.1"/>
       <record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:25.293657-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.8.1" last_modified_tag="42869fc4-90ff-4773-9fda-31adc7c038bc" name="IP Database" toVersion="2016.9.10.1"/>
       <record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:26.058058-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.16.8" last_modified_tag="881c0dd7-7842-4812-a30a-8071f09ec4ce" name="Domain Database" toVersion="2016.9.10.1"/>
       <record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:29.380864-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.16.6" last_modified_tag="e9378dee-0ae9-446e-8191-63ad93504668" name="Malware Database" toVersion="2016.9.10.6"/>
       <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-09-10T11:03:13-07:00" datetime="2016-09-10T11:55:27.023722-07:00" source="Manual" type="Scan" username="SYSTEM" systemname="RTK-PC" last_modified_tag="ede34847-a143-4b15-8cad-15c42a951358" duration="2525" malwaredetections="2" nonmalwaredetections="1" scanresult="completed"/>
       <record severity="debug" LoggingEventType="1" datetime="2016-09-10T12:06:09.150634-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" code="No Internet connection detected" last_modified_tag="df53a4fc-44c5-4c9c-88f0-06227219402e" message="Failed"/>
     </logs>

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 9/10/2016
     Scan Time: 11:03 AM
     Logfile: scanlog20160910.txt
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.09.10.06
     Rootkit Database: v2016.08.15.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: doug

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 355442
     Time Elapsed: 42 min, 5 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 3
     Trojan.Agent, C:\Program Files (x86)\Google\Chrome\Application\chrome.dll, Quarantined, [add12b45f2a844f234d0d6ac38c9f10f],
     Trojan.Downloader, C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll, Quarantined, [2c520a66f8a2f046e47613f4e918b14f],
     PUP.Optional.TerraClicks.ShrtCln, C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (www.terraclicks.com), Replaced,[e19d7af65b3fdd5920b1455a7292bd43]

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     Thank you so much for all you do!!!!! Let me know what's next....
  3. # AdwCleaner v6.010 - Logfile created 07/09/2016 at 19:45:08
     # Updated on 12/08/2016 by ToolsLib
     # Database : 2016-08-24.2 [Local]
     # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
     # Username : doug - RTK-PC
     # Running from : C:\Users\doug\Desktop\AdwCleaner.exe
     # Mode: Clean
     # Support : https://toolslib.net/forum

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\Program Files (x86)\GamingWonderlandEI
     [-] Folder deleted: C:\Program Files (x86)\PopularScreensavers
     [-] Folder deleted: C:\Users\doug\AppData\Local\iac
     [#] Folder deleted on reboot: C:\Users\doug\AppData\Local\IAC
     [-] Folder deleted: C:\Users\doug\AppData\LocalLow\AskToolbar
     [-] Folder deleted: C:\Users\doug\AppData\LocalLow\AVG Secure Search
     [-] Folder deleted: C:\Users\doug\AppData\LocalLow\Conduit
     [-] Folder deleted: C:\Users\doug\AppData\LocalLow\iac
     [-] Folder deleted: C:\Users\doug\AppData\LocalLow\Inbox Toolbar
     [-] Folder deleted: C:\Users\doug\AppData\LocalLow\wiseconvert
     [#] Folder deleted on reboot: C:\Users\doug\AppData\LocalLow\IAC
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\Babylon
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\BabylonToolbar
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\iWin
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\quickclick
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
     [-] Folder deleted: C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
     [-] Folder deleted: C:\ProgramData\AVG Secure Search
     [-] Folder deleted: C:\ProgramData\Babylon
     [-] Folder deleted: C:\ProgramData\GameTap Web Player
     [-] Folder deleted: C:\ProgramData\InstallBrainService
     [-] Folder deleted: C:\ProgramData\Trymedia
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\GameTap Web Player
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\InstallBrainService
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\Trymedia
     [-] Folder deleted: C:\Users\Public\Documents\iWin
     [-] Folder deleted: C:\Program Files (x86)\Ask.com
     [-] Folder deleted: C:\Program Files (x86)\AVG Secure Search
     [-] Folder deleted: C:\Program Files (x86)\BabylonToolbar
     [-] Folder deleted: C:\Program Files (x86)\Free Ride Games
     [-] Folder deleted: C:\Program Files (x86)\GameTap Web Player
     [#] Folder deleted on reboot: C:\Program Files (x86)\PopularScreensavers
     [-] Folder deleted: C:\Program Files (x86)\System Optimizer Pro
     [-] Folder deleted: C:\Program Files (x86)\wiseconvert
     [-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
     [-] Folder deleted: C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

     ***** [ Files ] *****

     [-] File deleted: C:\Users\doug\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
     [-] File deleted: C:\END
     [-] File deleted: C:\Users\Public\Desktop\eBay.lnk

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****

     ***** [ Web browsers ] *****

     [-] [aol.com] [Search Provider] Deleted: aol.com
     [-] [ask.com] [Search Provider] Deleted: ask.com
     [-] [trovi.search] [Search Provider] Deleted: trovi.search
     [-] [start.mysearchdial.com] [Search Provider] Deleted: start.mysearchdial.com
     [-] [mysearchdial.com] [Search Provider] Deleted: mysearchdial.com
     [-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: afjegdojkkoghnbiollpogeeimocanmk
     [-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
     [-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
     [-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ogminpmldncgcmokldnmmapddoccmhfl

     *************************

     :: "Tracing" keys deleted

     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [20132 Bytes] - [07/09/2016 19:45:08]
     C:\AdwCleaner\AdwCleaner[S0].txt - [19670 Bytes] - [07/09/2016 19:43:46]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20280 Bytes] ##########
  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
     Ran by doug (07-09-2016 19:38:06) Run:1
     Running from E:\
     Loaded Profiles: doug (Available Profiles: doug)
     Boot Mode: Safe Mode (with Networking)
     ==============================================

     fixlist content:
     *****************
     start
     HKLM-x32\...\Run: [] => [X]
     HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {AB0B2C91-B824-40B9-A2DC-175A02A8F443} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUTUS&apn_uid=cec81260-db6e-4fed-a298-43d5962899e8&apn_sauid=258CEDD4-837C-4AD6-9297-2454A228FE2E
     SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=2454202215194023&p2=^A4D^YYYYYY^YY^US&q={searchTerms}
     BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
     Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
     Toolbar: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> No Name - {4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} - No File
     CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir=
     CHR DefaultSearchURL: Default -> hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir=
     CHR DefaultSearchKeyword: Default -> mysearchdial.com
     CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll => No File
     CHR HKLM-x32\...\Chrome\Extension: [hpflffkopmgalfhfholanbnhoiblmajp] - C:\Program Files (x86)\GamingWonderland Chrome Extension\bar\GamingWonderland@mindspark.com.gen1 <not found>
     2016-08-23 21:33 - 2015-02-25 18:36 - 00000000 ____D C:\Program Files (x86)\SeekerInit
     2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\saferweeb
     2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\FineDealaSoft
     2016-08-23 20:59 - 2015-04-08 10:26 - 00000000 ____D C:\Program Files (x86)\SaveRnuett
     2016-08-23 20:59 - 2015-03-21 01:28 - 00000000 ____D C:\Program Files (x86)\deal4rreale
     2016-08-23 20:59 - 2015-03-21 01:27 - 00000000 ____D C:\Program Files (x86)\FineDealSoftt
     2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\dowwnloaditkeepa
     2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\CoupSCannuer
     2016-08-23 20:59 - 2014-12-26 14:37 - 00000000 ____D C:\ProgramData\Browser
     2016-08-23 20:59 - 2014-06-19 17:01 - 00000000 ____D C:\Program Files (x86)\TidyNetwork
     Task: {00FB1772-4A5F-4271-88F5-1C9797C5E7CD} - \MySearchDial -> No File <==== ATTENTION
     Task: {76DEAA87-00D4-4C85-B810-232A33C2A0D4} - \Super Optimizer Schedule -> No File <==== ATTENTION
     Task: {E292F4F3-26CE-4567-824A-2215819575DB} - \TidyNetwork Update -> No File <==== ATTENTION
     Task: {E4361C46-6D43-4135-8572-FC6D0ABF9941} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
     Task: {E6B9F6E6-955E-40C4-A532-911B4E4E407E} - \CandyUpdater -> No File <==== ATTENTION
     EmptyTemp:
     end
     *****************

     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value removed successfully
     "HKLM\SOFTWARE\Policies\Google" => key removed successfully
     "HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB0B2C91-B824-40B9-A2DC-175A02A8F443}" => key removed successfully
     HKCR\CLSID\{AB0B2C91-B824-40B9-A2DC-175A02A8F443} => key not found.
     "HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}" => key removed successfully
     HKCR\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
     "HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
     HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
     HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} => value removed successfully
     HKCR\CLSID\{4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} => key not found.
     Chrome HomePage => removed successfully
     Chrome DefaultSearchURL => removed successfully
     Chrome DefaultSearchKeyword => removed successfully
     C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll => not found.
     "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hpflffkopmgalfhfholanbnhoiblmajp" => key removed successfully
     C:\Program Files (x86)\SeekerInit => moved successfully
     C:\Program Files (x86)\saferweeb => moved successfully
     C:\Program Files (x86)\FineDealaSoft => moved successfully
     C:\Program Files (x86)\SaveRnuett => moved successfully
     C:\Program Files (x86)\deal4rreale => moved successfully
     C:\Program Files (x86)\FineDealSoftt => moved successfully
     C:\Program Files (x86)\dowwnloaditkeepa => moved successfully
     C:\Program Files (x86)\CoupSCannuer => moved successfully
     C:\ProgramData\Browser => moved successfully
     C:\Program Files (x86)\TidyNetwork => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00FB1772-4A5F-4271-88F5-1C9797C5E7CD}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00FB1772-4A5F-4271-88F5-1C9797C5E7CD}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76DEAA87-00D4-4C85-B810-232A33C2A0D4}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DEAA87-00D4-4C85-B810-232A33C2A0D4}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E292F4F3-26CE-4567-824A-2215819575DB}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E292F4F3-26CE-4567-824A-2215819575DB}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4361C46-6D43-4135-8572-FC6D0ABF9941}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4361C46-6D43-4135-8572-FC6D0ABF9941}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6B9F6E6-955E-40C4-A532-911B4E4E407E}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6B9F6E6-955E-40C4-A532-911B4E4E407E}" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyUpdater => key not found.

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23141269 B
     Java, Flash, Steam htmlcache => 38074 B
     Windows/system/drivers => 2505027046 B
     Edge => 0 B
     Chrome => 49000750 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 66240 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 1249513675 B
     systemprofile32 => 1494498 B
     LocalService => 0 B
     NetworkService => 258180 B
     doug => 33791815 B

     RecycleBin => 0 B
     EmptyTemp: => 3.6 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 19:39:11 ====
  5. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by doug (01-09-2016 07:08:05) Running from E:\ Windows 7 Home Premium Service Pack 1 (X64) (2012-07-09 18:08:04) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2385548519-2828962165-3150370110-500 - Administrator - Disabled) doug (S-1-5-21-2385548519-2828962165-3150370110-1000 - Administrator - Enabled) => C:\Users\doug Guest (S-1-5-21-2385548519-2828962165-3150370110-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2385548519-2828962165-3150370110-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.) 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.) Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) 
Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell) Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell) Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft) Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps) Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd) Drop (HKLM-x32\...\Drop) (Version: - ) DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.) eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.) 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT) InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) InterActual Player (HKLM-x32\...\InterActual Player) (Version: - ) Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle) Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.0.543 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG) SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00FB1772-4A5F-4271-88F5-1C9797C5E7CD} - \MySearchDial -> No File <==== ATTENTION Task: {16E7EC4D-6A97-479A-BFDD-D1BF15A3E6C9} - System32\Tasks\{E2CF7AB4-5C56-485C-B278-D12DA99FA725} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.) 
Task: {1BA18F61-97BA-46CF-9F2C-C29AF0E60710} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy Task: {1DCC5F41-4729-4D71-A5DF-24B99922A575} - System32\Tasks\{9BCE8F22-461D-4EFE-B1FA-7F5F6590D7EA} => C:\Program Files (x86)\GameTanium PC app\GPlrLanc.exe Task: {1FE8F30F-20FB-4060-9472-8A6397A33FE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.) Task: {230722B0-47A4-4302-88DE-9038E07E6189} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {27EA7049-DCB1-4F2D-958E-1FA731442343} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2385548519-2828962165-3150370110-1000 Task: {2CFAC908-0F07-4EDD-84C4-7E915B40192F} - System32\Tasks\{D961B29D-A7A8-4A90-A36C-6C37CC9BF385} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.) Task: {3E2752FF-279D-4CD6-96F0-BAB6853E0B08} - System32\Tasks\{4A269BCD-7B3F-4A94-8BB8-FF48F528D071} => C:\Program Files (x86)\GameTanium PC app\GPlrLanc.exe Task: {48C6B500-0C36-4E91-B742-A3E28817DA6D} - System32\Tasks\{D43DBD97-E0DC-4FBD-BE5F-649D9AB2E809} => pcalua.exe -a C:\Users\doug\AppData\Local\TNT2\2.0.0.1812\TNT2User.exe -c /UNINSTALL PARTNER=10963 Task: {70D3BAA5-917E-4BC2-8636-593E27F05C76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {76DEAA87-00D4-4C85-B810-232A33C2A0D4} - \Super Optimizer Schedule -> No File <==== ATTENTION Task: {8554A568-7D64-41FA-BB37-BC7463D3711C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.) Task: {9062BCD8-4B12-4419-B021-86AA606F841F} - System32\Tasks\{84ABB3CD-DFFC-49A9-A965-C2EB89852928} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.) 
Task: {ACFC5154-3E00-42F3-8135-C3F2AEA2221F} - System32\Tasks\{1A86BE8E-DB99-43FA-96F2-B5AE297305C9} => C:\Program Files (x86)\Free Ride Games\GPlrLanc.exe Task: {B0CCEDA4-9A46-4478-B0E0-255D2A78B23C} - System32\Tasks\{0564740E-71F7-4CBB-92D0-C3240D3D23CD} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.) Task: {BA0E7E00-D664-46DC-9364-17F58D36AB8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.) Task: {CE31CA95-2B6D-4BE5-BA5E-B08F91AE1ABE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15] (Adobe Systems Incorporated) Task: {CEE1698F-ACD5-44C5-A6F0-210108A1E45C} - System32\Tasks\{1E092914-F6DF-4BCD-A48D-A275B2175CDB} => C:\Program Files (x86)\GameTanium PC app\GPlrLanc.exe Task: {E292F4F3-26CE-4567-824A-2215819575DB} - \TidyNetwork Update -> No File <==== ATTENTION Task: {E4361C46-6D43-4135-8572-FC6D0ABF9941} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION Task: {E6B9F6E6-955E-40C4-A532-911B4E4E407E} - \CandyUpdater -> No File <==== ATTENTION Task: {EB493BF5-56F5-44B4-8464-18418E95FEA4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.) Task: {F5579244-75CF-47E1-B2B0-F66B3BBB72CA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{BD3E1717-5220-44DD-A7F3-73E8981E7B4E}\SupportTasks\1\Support.lnk -> hxxp://www.herinteractive.com/prod/car/tech.shtml/ Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{BD3E1717-5220-44DD-A7F3-73E8981E7B4E}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.herinteractive.com/prod/car/index.shtml/ Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{4CC286F9-8822-4185-8B0E-E0E32D965561}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/ Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{4CC286F9-8822-4185-8B0E-E0E32D965561}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/ Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{1EF0603A-6AAD-4E89-8FC6-50C725090AF7}\SupportTasks\0\Support.lnk -> hxxp://support.ubi.com/ ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) -> hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\doug\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points ========================= 25-02-2015 18:29:12 Windows Defender Checkpoint 25-02-2015 21:44:28 Windows Backup 15-03-2015 19:01:05 Windows Backup 08-04-2015 13:11:23 Windows Backup 15-04-2015 20:02:57 Installed DirectX 19-04-2015 19:00:14 Windows Backup 26-04-2015 19:00:08 Windows Backup 23-08-2016 21:30:34 Windows Backup 23-08-2016 21:43:54 Removed Amnesia - The Dark Descent 23-08-2016 21:47:48 Removed Vampire Brides 23-08-2016 21:48:44 Removed Vampireville 23-08-2016 22:14:48 Removed Nancy Drew: The Haunted Carousel 23-08-2016 22:23:45 Removed TuneUp Utilities 2012 23-08-2016 22:26:13 Removed TuneUp Utilities Language Pack (en-US) ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/01/2016 06:47:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/28/2016 02:20:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/28/2016 02:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/28/2016 02:13:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/28/2016 02:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/28/2016 01:33:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. 
Error: (08/28/2016 01:33:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/28/2016 01:32:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/28/2016 01:32:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/28/2016 01:30:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (09/01/2016 06:51:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 18%
Total physical RAM: 3894.7 MB
Available physical RAM: 3184.14 MB
Total Virtual: 7787.57 MB
Available Virtual: 7066.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:392.79 GB) NTFS
Drive e: (PKBACK# 001) (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F843B164)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 250 MB) (Disk ID: E28FFE80)
Partition 1: (Active) - (Size=250 MB) - (Type=06)

==================== End of Addition.txt ============================
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by doug (administrator) on RTK-PC (01-09-2016 07:07:08) Running from E:\ Loaded Profiles: doug (Available Profiles: doug) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.) HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] () HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation) HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] () HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1658440 2011-03-12] (McAfee, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask) HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] () HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks) HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell) HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] () Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\...\Run: [Exetender_600] => "C:\Program Files (x86)\GameTanium PC app\GPlayer.exe" /schedule 300000 HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the 
fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{C195F3BE-AF85-42AF-9CF7-1942D7859625}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {1F4BA6FE-1999-419B-9084-CAAEE755D70E} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms} SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://mumbojumbo.start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms} SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=egames3_1yach&q={searchTerms} SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {AB0B2C91-B824-40B9-A2DC-175A02A8F443} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUTUS&apn_uid=cec81260-db6e-4fed-a298-43d5962899e8&apn_sauid=258CEDD4-837C-4AD6-9297-2454A228FE2E SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=2454202215194023&p2=^A4D^YYYYYY^YY^US&q={searchTerms} BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files 
(x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120207150141.dll [2011-03-13] (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-15] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-07] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120207150141.dll [2011-03-13] (McAfee, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-15] (Google Inc.) 
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-02-07] (Oracle Corporation) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-15] (Google Inc.) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-15] (Google Inc.) Toolbar: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> No Name - {4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} - No File DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2011-03-12] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2011-03-12] (McAfee, Inc.) 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-02-07] (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2011-03-12] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-02-07] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [2011-03-12] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media ) FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.) Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir= CHR StartupUrls: Default -> "hxxps://www.yahoo.com/", "hxxps://www.google.com/" CHR DefaultSearchURL: Default -> hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir= CHR DefaultSearchKeyword: Default -> mysearchdial.com CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll => No File CHR Plugin: (PremierOpinion) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.2_0\plugins/pmcm.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll => No File CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Profile: C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26] CHR Extension: (Google Search) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-05] CHR Extension: (Gmail) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26] CHR HKLM-x32\...\Chrome\Extension: [hpflffkopmgalfhfholanbnhoiblmajp] - C:\Program Files (x86)\GamingWonderland Chrome Extension\bar\GamingWonderland@mindspark.com.gen1 <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.) S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-17] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.) R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation) R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.) R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-09-01 07:06 - 2016-09-01 07:07 - 00000000 ____D C:\FRST
2016-09-01 06:48 - 2016-09-01 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-08-26 19:17 - 2016-08-26 19:17 - 00000020 _____ C:\Users\doug\AppData\Roaming\appdataFr3.bin
2016-08-23 20:01 - 2016-08-28 14:24 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-23 20:01 - 2016-08-28 14:23 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-23 20:01 - 2016-08-28 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-23 20:01 - 2016-08-28 14:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 20:01 - 2016-08-23 20:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-23 20:01 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-08-23 20:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-08-23 20:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 07:05 - 2012-08-13 17:04 - 00464116 _____ C:\windows\ntbtlog.txt 2016-08-28 14:17 - 2012-02-07 14:12 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2016-08-28 14:16 - 2013-05-03 07:24 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-28 14:16 - 2012-07-09 11:08 - 00000000 ____D C:\Users\doug\AppData\Local\SoftThinks 2016-08-28 14:16 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-08-28 13:59 - 2014-04-08 16:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-08-28 13:54 - 2015-04-15 16:13 - 00003484 _____ C:\windows\System32\Tasks\PCDEventLauncherTask 2016-08-28 13:45 - 2012-08-17 21:08 - 00000000 ____D C:\Users\doug\AppData\Local\Nero 2016-08-28 13:39 - 2013-05-03 07:24 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-28 13:37 - 2009-07-13 21:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-28 13:37 - 2009-07-13 21:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-28 13:33 - 2009-07-13 22:13 - 00006206 _____ C:\windows\system32\PerfStringBackup.INI 2016-08-26 19:34 - 2015-02-25 18:27 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-08-26 19:34 - 2013-05-03 07:24 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-08-23 22:21 - 2013-03-02 01:33 - 00000000 ____D C:\Program Files (x86)\OXXOGames 2016-08-23 22:18 - 2013-05-03 07:23 - 00000000 ____D C:\GameHouse Games 2016-08-23 22:18 - 2012-10-04 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames 2016-08-23 22:18 - 2012-10-04 21:01 - 00000000 ____D C:\Program Files (x86)\egames 2016-08-23 22:18 - 2012-09-01 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse 2016-08-23 22:17 - 2012-09-01 21:41 - 00000000 ____D C:\Program Files 
(x86)\GameHouse 2016-08-23 22:17 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-08-23 22:15 - 2013-05-03 07:30 - 00000000 ____D C:\ProgramData\Trymedia 2016-08-23 22:15 - 2012-08-14 17:35 - 00000000 ____D C:\ProgramData\PopCap Games 2016-08-23 22:15 - 2012-08-14 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games 2016-08-23 22:15 - 2012-08-14 17:35 - 00000000 ____D C:\Program Files (x86)\PopCap Games 2016-08-23 22:14 - 2013-02-26 18:34 - 00000000 ____D C:\Program Files (x86)\Viva Media 2016-08-23 22:14 - 2012-09-29 20:45 - 00000000 ____D C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games of the Month 2016-08-23 22:14 - 2012-09-29 20:45 - 00000000 ____D C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-08-23 22:14 - 2012-08-20 21:19 - 00000000 ____D C:\Program Files (x86)\Oberon Media SIDR 2016-08-23 22:12 - 2012-08-29 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2016-08-23 22:11 - 2012-08-15 17:07 - 00000000 ____D C:\Program Files (x86)\On Hand Software 2016-08-23 22:04 - 2015-04-26 08:57 - 00000000 ____D C:\Program Files (x86)\Haunted Hotel - Death Sentence 2016-08-23 22:03 - 2013-02-10 12:27 - 00514216 _____ C:\windows\Gogii 4-Pack Uninstall Log.txt 2016-08-23 22:01 - 2012-10-06 18:26 - 00000000 ____D C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTanium PC app 2016-08-23 22:01 - 2012-10-06 07:53 - 00000000 ____D C:\Program Files (x86)\GameTanium PC app 2016-08-23 22:01 - 2012-08-20 21:19 - 00000000 ____D C:\Users\doug\AppData\Roaming\Oberon Media 2016-08-23 22:01 - 2012-08-20 14:47 - 00000000 ____D C:\Remote Programs 2016-08-23 22:01 - 2012-02-07 13:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-23 22:00 - 2012-08-20 14:47 - 00000000 ____D C:\Program Files (x86)\Free Ride Games 2016-08-23 22:00 - 2009-07-13 
22:32 - 00000000 ____D C:\windows\Downloaded Program Files 2016-08-23 21:59 - 2009-07-13 19:34 - 00000692 _____ C:\windows\win.ini 2016-08-23 21:54 - 2014-06-14 18:08 - 00000000 ____D C:\ProgramData\Big Fish 2016-08-23 21:54 - 2014-06-14 18:07 - 00000000 ____D C:\BigFishCache 2016-08-23 21:52 - 2012-02-07 14:07 - 00000000 ____D C:\ProgramData\WildTangent 2016-08-23 21:50 - 2013-05-03 07:26 - 00000000 ____D C:\Program Files (x86)\Zylom Games 2016-08-23 21:39 - 2012-10-06 19:22 - 00000000 ____D C:\Temp 2016-08-23 21:39 - 2012-08-20 14:47 - 00000000 ____D C:\Users\doug\AppData\LocalLow\Temp 2016-08-23 21:35 - 2014-12-26 14:16 - 00000258 __RSH C:\ProgramData\ntuser.pol 2016-08-23 21:33 - 2015-02-25 18:36 - 00000000 ____D C:\Program Files (x86)\SeekerInit 2016-08-23 21:33 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system 2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\saferweeb 2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\FineDealaSoft 2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\Facebook Timeline Covers 2016-08-23 20:59 - 2015-04-08 10:26 - 00000000 ____D C:\Program Files (x86)\TrollBook 2016-08-23 20:59 - 2015-04-08 10:26 - 00000000 ____D C:\Program Files (x86)\SaveRnuett 2016-08-23 20:59 - 2015-03-21 01:28 - 00000000 ____D C:\Program Files (x86)\deal4rreale 2016-08-23 20:59 - 2015-03-21 01:27 - 00000000 ____D C:\Program Files (x86)\Voicify 2016-08-23 20:59 - 2015-03-21 01:27 - 00000000 ____D C:\Program Files (x86)\FineDealSoftt 2016-08-23 20:59 - 2015-02-26 06:57 - 00000000 ____D C:\Program Files (x86)\Mind the Word 2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\dowwnloaditkeepa 2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\CoupSCannuer 2016-08-23 20:59 - 2014-12-26 14:37 - 00000000 ____D C:\ProgramData\Browser 2016-08-23 20:59 - 2014-06-19 17:01 - 00000000 ____D C:\Program Files (x86)\TidyNetwork 2016-08-23 20:59 - 
2014-04-21 14:19 - 00000000 ____D C:\Program Files (x86)\PopularScreensavers ==================== Files in the root of some directories ======= 2016-08-26 19:17 - 2016-08-26 19:17 - 0000020 _____ () C:\Users\doug\AppData\Roaming\appdataFr3.bin 2014-12-01 15:29 - 2015-02-25 18:16 - 0000100 _____ () C:\Users\doug\AppData\Roaming\WB.CFG 2012-12-15 17:45 - 2012-12-16 11:46 - 0033070 _____ () C:\Users\doug\AppData\Local\slot1.mm1 2013-01-23 10:33 - 2014-02-07 11:07 - 0001493 _____ () C:\ProgramData\aaron_exentt.log 2014-02-09 20:05 - 2014-02-09 21:01 - 0000354 _____ () C:\ProgramData\aygdi_save.log 2012-09-08 19:06 - 2013-02-21 03:17 - 0000354 _____ () C:\ProgramData\aygdr_save.log 2012-08-15 17:10 - 2012-08-25 17:03 - 0000266 _____ () C:\ProgramData\ayg_saver.log 2013-08-27 06:01 - 2013-09-26 11:42 - 0001491 _____ () C:\ProgramData\ayoung3_save.log 2013-02-14 12:12 - 2015-04-23 20:46 - 0003898 _____ () C:\ProgramData\doicrane_save.log 2012-11-09 09:20 - 2012-11-27 09:54 - 0003407 _____ () C:\ProgramData\dscranew_save.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-27 07:10

==================== End of FRST.txt ============================
  7. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:36:52 PM, on 8/28/2016 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17126) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe E:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120207150141.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Exetender_600] "C:\Program Files (x86)\GameTanium PC app\GPlayer.exe" /schedule 300000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 12782 bytes