Silly popups on internet browsers ("trovi" "doko")



Kunzie
2014-12-18, 08:57
First off, thanks for this site and the awesome step-by-step instructions. I am not a computer whiz, but I can follow directions. Any help will be greatly appreciated with removing and preventing malware on my computers (this thread is about my desktop; I will make a new thread as we move forward fixing one at a time).

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Kunz Family (administrator) on KUNZFAMILY-PC on 18-12-2014 18:36:43
Running from C:\Users\Kunz Family\Desktop
Loaded Profile: Kunz Family (Available profiles: Kunz Family)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Interesting Solutions) C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA7832.tmp
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(ContentExplorer) C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McU47AF.tmp
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
(APN LLC.) C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [ContentExplorer] => C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-12-17] (ContentExplorer)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-265481619-2286802819-923454813-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-265481619-2286802819-923454813-1001] => http=127.0.0.1:59244;https=127.0.0.1:59244
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=HP_ss_Btisdt5&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013021104234208&tb_oid=11-02-2013&tb_mrud=11-02-2013
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {5462F4F1-2DD2-40F6-800F-BCF9E49E9D97} URL =
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=996B3890-D438-45E6-86FE-F103B0E234FE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17041&doi=2014-12-19&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kunz Family\AppData\Roaming\Mozilla\Firefox\Profiles\8zilnfe2.default
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=|hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0298521418917912mcinstcleanup; C:\Windows\TEMP\029852~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-11-24] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3320640 2014-12-10] (Client Connect LTD)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-12-17] (Client Connect LTD)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 sJMJqtqOYtM; C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe [2726248 2014-12-17] (Interesting Solutions)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
U3 mfehidk01; No ImagePath
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
U3 mfencbdc02; No ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 18:36 - 2014-12-18 18:37 - 00020680 _____ () C:\Users\Kunz Family\Desktop\FRST.txt
2014-12-18 18:35 - 2014-12-18 18:36 - 00000000 ____D () C:\FRST
2014-12-18 18:35 - 2014-12-18 18:35 - 02121216 _____ (Farbar) C:\Users\Kunz Family\Desktop\FRST64.exe
2014-12-18 18:33 - 2014-12-18 18:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KUNZFAMILY-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-12-18 18:32 - 2014-12-18 18:32 - 00000000 ____D () C:\RegBackup
2014-12-18 18:21 - 2014-12-18 18:21 - 00289390 _____ () C:\Users\Kunz Family\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance)- Updated.htm
2014-12-18 18:21 - 2014-12-18 18:21 - 00002237 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-18 18:21 - 2014-12-18 18:21 - 00000000 ____D () C:\Users\Kunz Family\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance)- Updated_files
2014-12-18 18:21 - 2014-12-18 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-18 18:21 - 2014-12-18 18:21 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-18 18:19 - 2014-12-18 18:19 - 04215584 _____ () C:\Users\Kunz Family\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-18 18:15 - 2014-12-18 18:15 - 00000000 ___RD () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-18 17:13 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\APN
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-12-18 17:11 - 2014-12-18 17:40 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\.minecraft
2014-12-18 17:11 - 2014-12-18 17:11 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\java
2014-12-18 17:10 - 2014-12-18 17:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-18 17:10 - 2014-12-18 17:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-18 17:10 - 2014-12-18 17:10 - 00000000 ____D () C:\ProgramData\Sun
2014-12-18 17:10 - 2014-12-18 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-18 17:10 - 2014-12-18 17:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-18 16:07 - 2014-12-18 16:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\PCDr
2014-12-18 07:52 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-12-18 00:12 - 2014-12-18 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-17 23:43 - 2014-12-17 23:43 - 00001941 _____ () C:\Users\Kunz Family\Desktop\McAfee Internet Security.lnk
2014-12-17 23:41 - 2014-12-17 23:41 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-12-17 23:32 - 2014-12-17 23:39 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group
2014-12-17 23:32 - 2014-12-17 23:32 - 00000000 _____ () C:\autoexec.bat
2014-12-17 23:12 - 2014-12-17 23:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-17 23:10 - 2014-12-18 18:18 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\CrashDumps
2014-12-17 23:09 - 2014-12-17 23:41 - 00003322 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-12-17 23:09 - 2014-12-17 23:29 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\WebGuard
2014-12-17 23:09 - 2014-12-17 23:13 - 00000000 ____D () C:\Program Files\WebBar
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\ContentExplorer
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\yQTmyhbhY
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\WebGuard
2014-12-17 23:08 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Mozilla
2014-12-17 23:08 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Mozilla
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2014-12-17 22:48 - 2014-12-17 22:48 - 00003654 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 5520 series
2014-12-17 22:48 - 2014-12-17 22:48 - 00002250 _____ () C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk
2014-12-17 22:48 - 2014-12-17 22:48 - 00001993 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-12-17 22:48 - 2014-12-17 22:48 - 00001182 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk
2014-12-17 22:48 - 2014-12-17 22:48 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\HpUpdate
2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\Visan
2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files\HP
2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-12-17 22:48 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB111.dll
2014-12-17 22:47 - 2014-12-17 22:49 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\HP
2014-12-17 22:47 - 2014-12-17 22:47 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Hewlett-Packard
2014-12-17 22:46 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-12-17 22:46 - 2014-12-17 22:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\softthinks
2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\ProgramData\softthinks
2014-12-17 22:43 - 2014-05-02 06:33 - 00000118 ____H () C:\DBAR_Ver.txt
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-12-17 22:38 - 2014-12-16 22:06 - 45217712 _____ () C:\Users\Kunz Family\Desktop\Craig's Quicken Data.QDF
2014-12-15 23:26 - 2014-12-15 23:26 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Adobe
2014-12-15 23:14 - 2014-12-15 23:14 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-15 23:14 - 2014-12-15 23:14 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Apple Computer
2014-12-15 23:14 - 2014-12-15 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files\iTunes
2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files\iPod
2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-15 23:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-15 23:12 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-15 23:12 - 2014-12-15 23:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Apple
2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\ProgramData\Apple
2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-15 22:54 - 2014-12-15 22:54 - 00001556 __RSH () C:\Users\Kunz Family\ntuser.pol
2014-12-15 22:45 - 2014-12-15 22:57 - 00000000 ____D () C:\Users\Kunz Family\Desktop\Theresa's Pics
2014-12-15 22:32 - 2014-12-15 22:32 - 00023128 _____ () C:\Windows\system32\emptyregdb.dat
2014-12-15 21:41 - 2014-12-15 23:14 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Apple Computer
2014-12-15 21:41 - 2014-12-15 22:32 - 00010623 _____ () C:\Windows\comsetup.log
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ___DC () C:\Users\Kunz Family\AppData\Local\MigWiz
2014-12-15 21:39 - 2014-12-15 22:56 - 00000000 ____D () C:\Users\Kunz Family\Documents\Quicken
2014-12-15 21:37 - 2014-12-15 21:37 - 00001816 _____ () C:\Users\Public\Desktop\Quicken Deluxe 2011.lnk
2014-12-15 21:37 - 2014-12-15 21:37 - 00000357 _____ () C:\Users\Public\Desktop\Free Credit Report and Score.url
2014-12-15 21:37 - 2011-03-10 17:00 - 04199768 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2014-12-15 21:36 - 2014-12-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-12-15 21:36 - 2014-12-15 21:36 - 00000126 _____ () C:\Windows\QUICKEN.INI
2014-12-15 21:36 - 2014-12-15 21:36 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Intuit
2014-12-15 21:36 - 2014-12-15 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
2014-12-15 21:36 - 2014-12-15 21:36 - 00000000 ____D () C:\ProgramData\Intuit
2014-12-15 21:26 - 2014-12-15 21:26 - 00001140 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-12-15 21:26 - 2014-12-15 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-12-15 21:25 - 2014-12-15 22:42 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Battle.net
2014-12-15 21:25 - 2014-12-15 21:35 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Battle.net
2014-12-15 21:25 - 2014-12-15 21:34 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-12-15 21:25 - 2014-12-15 21:25 - 00001146 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Blizzard Entertainment
2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-15 21:23 - 2014-12-15 21:24 - 00000000 ____D () C:\ProgramData\Battle.net
2014-12-15 21:18 - 2014-12-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-15 21:17 - 2014-12-15 21:17 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-15 21:16 - 2014-12-15 21:16 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-15 21:16 - 2014-12-15 21:16 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-15 21:15 - 2014-12-15 21:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 21:15 - 2014-12-15 21:15 - 00000000 __RHD () C:\MSOCache
2014-12-15 21:15 - 2014-12-15 21:15 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Microsoft Help
2014-12-15 21:15 - 2014-12-15 21:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-15 21:11 - 2014-12-18 16:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-15 21:11 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\HP
2014-12-15 21:11 - 2014-12-15 21:11 - 00004006 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-15 21:11 - 2014-12-15 21:11 - 00003218 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-12-15 21:11 - 2014-12-15 21:11 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Dell
2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 __SHD () C:\Users\Kunz Family\AppData\Local\EmieUserList
2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 __SHD () C:\Users\Kunz Family\AppData\Local\EmieSiteList
2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Macromedia
2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Intel Corporation
2014-12-15 21:08 - 2014-12-18 18:15 - 00000000 ____D () C:\Users\Kunz Family\Documents\Bluetooth Folder
2014-12-15 21:08 - 2014-12-15 23:26 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Adobe
2014-12-15 21:08 - 2014-12-15 22:32 - 00001415 _____ () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-15 21:08 - 2014-12-15 21:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Leadertech
2014-12-15 21:08 - 2014-12-15 21:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Atheros
2014-12-15 21:08 - 2014-12-15 21:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\BMExplorer
2014-12-15 21:07 - 2014-12-15 21:44 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\VirtualStore
2014-12-15 21:05 - 2014-12-17 22:47 - 00110424 _____ () C:\Users\Kunz Family\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 21:05 - 2014-12-15 21:05 - 00001975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
2014-12-15 21:05 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-15 21:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-15 21:05 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-15 21:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-15 21:05 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-15 21:05 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-15 21:05 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-12-15 21:05 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-15 21:05 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-15 21:05 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-12-15 21:05 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-12-15 21:05 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-15 21:05 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-15 21:05 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-12-15 21:04 - 2014-12-15 22:54 - 00000000 ____D () C:\Users\Kunz Family
2014-12-15 21:04 - 2014-12-15 21:04 - 00000020 ___SH () C:\Users\Kunz Family\ntuser.ini
2014-12-15 21:04 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-15 21:04 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-13 10:26 - 2014-12-13 10:26 - 02206864 ____C (Microsoft Corporation) C:\Users\Kunz Family\Downloads\DefaultPack.EXE
2014-12-12 08:49 - 2014-12-12 08:49 - 00075264 ____C () C:\Users\Kunz Family\Documents\address labels.pub
2014-12-11 17:25 - 2014-12-11 17:25 - 01055936 ____C (Adobe) C:\Users\Kunz Family\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2014-12-11 17:24 - 2014-12-11 17:24 - 42096984 _____ (Apple Inc.) C:\Users\Kunz Family\Downloads\QuickTimeInstaller(2).exe
2014-12-11 17:22 - 2014-12-11 17:23 - 42096984 _____ (Apple Inc.) C:\Users\Kunz Family\Downloads\QuickTimeInstaller(1).exe
2014-12-10 20:14 - 2014-12-15 22:31 - 00000000 ___DC () C:\XWING95
2014-12-10 20:13 - 2014-12-10 20:13 - 00314891 ____C () C:\Users\Kunz Family\Downloads\XCS_XW95_MSI_v1.0.0.0.zip
2014-12-10 19:54 - 2014-12-15 21:50 - 00000000 ___DC () C:\Users\Kunz Family\Downloads\XCS_Unofficial_Patch
2014-12-10 19:53 - 2014-12-10 19:53 - 00266577 ____C () C:\Users\Kunz Family\Downloads\XCS_Unofficial_Patch.zip
2014-12-09 05:59 - 2014-12-09 05:59 - 00397824 ____C () C:\Users\Kunz Family\Documents\applesox giftcertificate.pub
2014-11-29 19:46 - 2014-11-29 19:46 - 01942688 ____C () C:\Users\Kunz Family\Downloads\winrar-x64-52b4.exe
2014-11-29 19:41 - 2014-12-15 21:48 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Kovacic's Textures Pack v1.0.6
2014-11-29 19:24 - 2014-11-29 19:24 - 04923574 ____C () C:\Users\Kunz Family\Downloads\TConstruct-1.7.10-1.7.1c(2).jar
2014-11-29 08:24 - 2014-12-12 08:42 - 00068608 ____C () C:\Users\Kunz Family\Documents\budgetdec2014.xls
2014-11-28 21:43 - 2014-11-28 21:48 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\mods
2014-11-28 21:39 - 2014-11-28 21:39 - 04923574 ____C () C:\Users\Kunz Family\Downloads\TConstruct-1.7.10-1.7.1c(1).jar
2014-11-28 21:36 - 2014-11-28 21:36 - 04923574 ____C () C:\Users\Kunz Family\Downloads\TConstruct-1.7.10-1.7.1c.jar
2014-11-28 21:14 - 2014-12-15 21:48 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Kovacic's Mod Pack v2.1.2-B2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 18:33 - 2014-09-09 17:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 18:17 - 2009-07-13 21:13 - 00781540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 18:15 - 2014-09-11 08:00 - 01594646 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 07:51 - 2014-09-11 08:06 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-18 07:48 - 2014-09-11 08:06 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-18 07:48 - 2014-09-11 08:06 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-18 00:05 - 2009-07-13 20:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 00:05 - 2009-07-13 20:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 00:03 - 2014-09-11 08:09 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-12-17 23:54 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 23:54 - 2009-07-13 20:51 - 00040803 _____ () C:\Windows\setupact.log
2014-12-17 23:40 - 2010-11-20 19:47 - 00169760 _____ () C:\Windows\PFRO.log
2014-12-17 23:40 - 2009-07-13 20:45 - 00421848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-17 22:38 - 2014-09-11 08:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-17 22:34 - 2011-02-10 06:25 - 00000000 ____D () C:\dell
2014-12-15 23:25 - 2014-03-31 20:11 - 00001410 ____C () C:\Users\Kunz Family\Desktop\Norton Installation Files.lnk
2014-12-15 22:49 - 2011-12-07 12:40 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\Craig's stuff
2014-12-15 22:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Registration
2014-12-15 22:31 - 2011-12-16 23:11 - 00000000 ___DC () C:\Users\Public\Juniper Networks
2014-12-15 22:31 - 2010-11-20 23:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-15 22:31 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-15 22:30 - 2014-03-31 20:11 - 00000000 ___DC () C:\Users\Public\Downloads\Norton
2014-12-15 22:29 - 2011-12-26 15:13 - 00000000 ___DC () C:\Users\Public\Documents\LeapFrog
2014-12-15 22:27 - 2011-12-07 10:34 - 00000000 ___DC () C:\Theresa transfer
2014-12-15 22:25 - 2014-09-11 08:10 - 00000000 ____D () C:\Temp
2014-12-15 22:25 - 2014-09-11 07:52 - 00000000 ____D () C:\Intel
2014-12-15 22:25 - 2012-11-28 21:30 - 00000000 ___DC () C:\Samsung
2014-12-15 22:25 - 2012-02-24 14:59 - 00000000 __HDC () C:\$avg
2014-12-15 22:25 - 2011-12-07 09:54 - 00000000 ___DC () C:\TempEI4
2014-12-15 22:25 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-15 22:25 - 2009-07-13 19:20 - 00000000 __HDC () C:\Windows\system32\GroupPolicy
2014-12-15 22:24 - 2011-12-07 11:19 - 00000000 ___DC () C:\Users\Kunz Family\TurboTax Prog
2014-12-15 22:22 - 2011-12-07 11:19 - 00000000 ___DC () C:\Users\Kunz Family\TurboTax
2014-12-15 22:21 - 2011-12-07 11:19 - 00000000 ___DC () C:\Users\Kunz Family\Quicken
2014-12-15 21:50 - 2014-05-29 19:04 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Wondershare Video Editor
2014-12-15 21:50 - 2014-02-12 19:51 - 00000000 ___DC () C:\Users\Kunz Family\Downloads\PC Drivers HeadQuarters
2014-12-15 21:48 - 2014-10-31 10:42 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Kovacic's Mod Pack v2.1.1-B5
2014-12-15 21:48 - 2014-03-31 20:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Symantec
2014-12-15 21:48 - 2013-10-22 15:42 - 00000000 ___DC () C:\Users\Kunz Family\Documents\NewBlueFX
2014-12-15 21:48 - 2013-10-22 15:37 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Adobe
2014-12-15 21:48 - 2013-07-14 12:26 - 00000000 ___DC () C:\Users\Kunz Family\Documents\My Games
2014-12-15 21:48 - 2012-08-25 17:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Diablo III
2014-12-15 21:48 - 2012-02-06 12:38 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Amazon MP3
2014-12-15 21:48 - 2012-01-25 19:29 - 00000000 ___DC () C:\Users\Kunz Family\Documents\TurboTax
2014-12-15 21:48 - 2011-12-21 08:58 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Outlook Files
2014-12-15 21:48 - 2011-12-07 21:27 - 00000000 ___DC () C:\Users\Kunz Family\Documents\StarCraft II
2014-12-15 21:48 - 2011-12-07 11:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\JPG Files
2014-12-15 21:48 - 2011-12-07 11:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\invisible-closing-seam-tutorial_files
2014-12-15 21:46 - 2014-02-19 17:14 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\Old Firefox Data
2014-12-15 21:44 - 2011-12-11 15:53 - 00000000 ___DC () C:\Users\Kunz Family\Adobe Photoshop Elements 10
2014-12-15 21:44 - 2011-12-07 11:29 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\Desktop Files
2014-12-15 21:18 - 2010-11-20 23:17 - 00000000 ____D () C:\Windows\ShellNew
2014-12-15 21:17 - 2014-09-11 08:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-15 21:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-15 21:16 - 2009-07-13 18:34 - 00000510 _____ () C:\Windows\win.ini
2014-12-15 21:11 - 2014-09-11 08:05 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-15 21:08 - 2014-09-11 08:24 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-15 21:04 - 2014-09-11 07:59 - 00000000 ____D () C:\ProgramData\Dell
2014-12-15 10:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-15 10:04 - 2011-02-10 06:25 - 00000000 ____D () C:\Windows\panther
2014-12-10 07:47 - 2009-07-13 20:54 - 00000368 ___SH () C:\Users\Public\Desktop\desktop (1).ini

Files to move or delete:
====================
C:\Users\Kunz Family\acrobatreader.exe
C:\Users\Kunz Family\alg22847.exe
C:\Users\Kunz Family\chrome.exe
C:\Users\Kunz Family\conhost.exe
C:\Users\Kunz Family\csrss.exe
C:\Users\Kunz Family\csrss877129.exe
C:\Users\Kunz Family\firefox483107.exe
C:\Users\Kunz Family\flashplayer.exe
C:\Users\Kunz Family\googleupdate.exe
C:\Users\Kunz Family\icq.exe
C:\Users\Kunz Family\java.exe
C:\Users\Kunz Family\jqs.exe
C:\Users\Kunz Family\msconfig.exe
C:\Users\Kunz Family\mstsc.exe
C:\Users\Kunz Family\notepad.exe
C:\Users\Kunz Family\notepad536161.exe
C:\Users\Kunz Family\spoolsv.exe
C:\Users\Kunz Family\spoolsv832448.exe
C:\Users\Kunz Family\teamviewer.exe
C:\Users\Kunz Family\teamviewer464293.exe
C:\Users\Kunz Family\windowsupdate886035.exe
C:\Users\Kunz Family\winlogon.exe
C:\Users\Kunz Family\winlogon653616.exe


Some content of TEMP:
====================
C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2011-02-10 08:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Kunz Family at 2014-12-18 18:37:12
Running from C:\Users\Kunz Family\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 8.4 - ContentExplorer.net)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector (KB2289116) 的更新 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version: - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.10.160 - Client Connect LTD) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
WebGuard (HKLM-x32\...\WebGuard) (Version: 3.0.21 - Interesting Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

15-12-2014 21:04:49 Windows Update
15-12-2014 21:11:07 Windows Update
15-12-2014 21:15:22 Installed Microsoft Office Professional 2010
15-12-2014 23:13:01 Installed iTunes
17-12-2014 22:46:21 Installed HP Support Solutions Framework

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {27D35B70-96BA-4AB6-9A42-3F38227D4A2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FC60092-57B3-46D7-9CBE-C05CAE51C99A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {58F6A018-7867-4D8D-B6D3-1B23B94A609F} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {5A97C664-046E-4A6C-9AA9-0737F576374E} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {69AF906E-A43C-4B7F-B693-4691819A3594} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {85B13FA8-200E-4590-8BDE-C01C253603FF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8D4A129F-36ED-422D-8CDA-A81E37C69622} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {F134476A-CA6F-4853-9A60-D002E111975C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-11 08:09 - 2014-03-12 09:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-11 08:09 - 2014-03-12 09:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-11 08:09 - 2014-03-12 09:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-07-02 19:51 - 2013-07-02 19:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-09-11 08:09 - 2014-04-30 07:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-11 07:55 - 2013-12-09 14:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-11 08:09 - 2013-12-17 14:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-11 08:09 - 2012-11-25 20:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-11 08:09 - 2012-11-25 20:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-265481619-2286802819-923454813-500 - Administrator - Disabled)
Guest (S-1-5-21-265481619-2286802819-923454813-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-265481619-2286802819-923454813-1002 - Limited - Enabled)
Kunz Family (S-1-5-21-265481619-2286802819-923454813-1001 - Administrator - Enabled) => C:\Users\Kunz Family

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 06:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1c1c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/18/2014 06:18:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1160
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/18/2014 05:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0xb78
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/18/2014 00:11:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1370
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/18/2014 00:11:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xe68
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/18/2014 00:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x654
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/17/2014 11:54:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 11:40:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 11:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOASTER.EXE, version: 1.0.1.221, time stamp: 0x5361e87c
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x172c
Faulting application start time: 0xTOASTER.EXE0
Faulting application path: TOASTER.EXE1
Faulting module path: TOASTER.EXE2
Report Id: TOASTER.EXE3

Error: (12/17/2014 11:10:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at Toaster.App.Main()


System errors:
=============
Error: (12/18/2014 06:15:40 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (12/18/2014 05:08:09 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (12/18/2014 07:52:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (12/18/2014 07:52:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (12/18/2014 07:52:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (12/18/2014 07:52:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (12/18/2014 06:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531c1c01d01b31bd167982C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll5dc0802e-8725-11e4-9cc0-38b1db96f6a2

Error: (12/18/2014 06:18:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753116001d01b321106fdfbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll51bd6a92-8725-11e4-9cc0-38b1db96f6a2

Error: (12/18/2014 05:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c000000500038e19b7801d01b28eeae6839C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2e5af8f1-871c-11e4-9cc0-38b1db96f6a2

Error: (12/18/2014 00:11:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753137001d01a9a34b499f6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll7445cb62-868d-11e4-9cc0-38b1db96f6a2

Error: (12/18/2014 00:11:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753e6801d01a98f951ce1fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll6ea43ba9-868d-11e4-9cc0-38b1db96f6a2

Error: (12/18/2014 00:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75365401d01a98745f57e4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll3066a95d-868c-11e4-9cc0-38b1db96f6a2

Error: (12/17/2014 11:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOASTER.EXE1.0.1.2215361e87cKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f172c01d01a8de557e0c7C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\Windows\syswow64\KERNELBASE.dlled6ed7db-8684-11e4-ac02-38b1db96f6a2


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 15%
Total physical RAM: 16300.93 MB
Available physical RAM: 13831.7 MB
Total Pagefile: 32600.05 MB
Available Pagefile: 28859.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:732.75 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:24.22 GB) (Free:13.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: FA4DACB7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-18 18:38:56
-----------------------------
18:38:56.112 OS Version: Windows x64 6.1.7601 Service Pack 1
18:38:56.112 Number of processors: 8 586 0x3C03
18:38:56.112 ComputerName: KUNZFAMILY-PC UserName: Kunz Family
18:38:57.485 Initialize success
18:38:57.750 VM: initialized successfully
18:38:57.750 VM: Intel CPU supported
18:38:59.509 VM: disk I/O iaStorA.sys
18:39:48.918 AVAST engine defs: 14121701
18:40:16.093 The log file has been saved successfully to "C:\Users\Kunz Family\Desktop\aswMBR.txt"



--- Report generated: 2014-12-18 20:12 ---

Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, fixed)
C:\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Conduit.SearchProtect: [SBI $C559C1BC] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect\Environment

Conduit.SearchProtect: [SBI $746A4EE2] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect

Conduit.SearchProtect: [SBI $0356CF55] Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Conduit.SearchProtect: [SBI $F4050CA9] Data (File, fixed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
Properties.size=122254
Properties.md5=BEA6C9C188929B10D3F3EB5F1FE162EB
Properties.filedate=1418961940
Properties.filedatetext=2014-12-18 20:05:40

Conduit.SearchProtect: [SBI $453597EC] Data (File, fixed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
Properties.size=2264
Properties.md5=05BAB04F3E8E1D24CCA96A7A9B89B0AB
Properties.filedate=1418960974
Properties.filedatetext=2014-12-18 19:49:34

Conduit.SearchProtect: [SBI $469E3ED0] Application data folder (Directory, fixing failed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\rep\

Conduit.SearchProtect: [SBI $192A837B] Application data folder (Directory, fixing failed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\

Conduit.SearchProtect: [SBI $0235E586] Data (File, fixed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
Properties.size=5470
Properties.md5=88C861284791D6253784351E9E828078
Properties.filedate=1418960927
Properties.filedatetext=2014-12-18 19:48:47

Conduit.SearchProtect: [SBI $55B42006] Application data folder (Directory, fixing failed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\UI\rep\

Conduit.SearchProtect: [SBI $6699FFBE] Application data folder (Directory, fixing failed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\UI\

Conduit.SearchProtect: [SBI $CA1A24DA] Application data folder (Directory, fixing failed)
C:\Users\Kunz Family\AppData\Local\SearchProtect\

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
Properties.size=2240
Properties.md5=C823284831366AA9C82971F73F434786
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
Properties.size=2328
Properties.md5=AC8DD5EDC8AE4732C973ADEAF5960644
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
Properties.size=2348
Properties.md5=9AD3CA0D9B9F398BF00205E248F28803
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png
Properties.size=9731
Properties.md5=DE5773B4CF6F2071E7E7C6EA462D5B94
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
Properties.size=11390
Properties.md5=A8216737C79E710DD25848314772E411
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
Properties.size=35253
Properties.md5=CFA7C517FFC17A48DBF5AD101550ED9F
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png
Properties.size=31085
Properties.md5=47CD216C5F869CB8FC9F33C200598D28
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
Properties.size=9918
Properties.md5=BE41660B7A656925FEC4E1AE165DECC2
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
Properties.size=12299
Properties.md5=C4C7D57EE9AEEC4AF65EA156D296273D
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
Properties.size=9198
Properties.md5=544502EE9525EF4AC2ECA21E245F0824
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
Properties.size=16798
Properties.md5=1E304DD7B0EACE57B19FF10ACBE2F498
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
Properties.size=1256
Properties.md5=610708A0FDF2E03669771524E5A6F11A
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
Properties.size=933
Properties.md5=127A8ACFAAE51661CE155A1371816E1F
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
Properties.size=1065
Properties.md5=215653C3BAF2F6890AE676A0A0B03677
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
Properties.size=1364
Properties.md5=2DD758697096D542B449DDB3A4050831
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
Properties.size=378
Properties.md5=1B8A6B986EFD5BA8E80D480B8E4A98ED
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
Properties.size=360
Properties.md5=77A1019ED61C81C13AE27AEBC4C4D325
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
Properties.size=274
Properties.md5=77C3E90B2A59B6B12F3807958C1A3169
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
Properties.size=1264
Properties.md5=58F653D35176784E2D3C47C654DC2F60
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
Properties.size=1405
Properties.md5=E8749086079E532A3D12D083E4718F7E
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
Properties.size=2993
Properties.md5=18392D827455EE4A547E2DFC687C4D2F
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png
Properties.size=1119
Properties.md5=4A9F530F4FAD7130AFF554248281DD83
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
Properties.size=1038
Properties.md5=0C8C517B9B2FED409F630F5FEE55CD9A
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
Properties.size=1049
Properties.md5=710C8790BF108AF58251A8E414DDF7CA
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png
Properties.size=256
Properties.md5=5B809317B81900CA4FF352B39161D873
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
Properties.size=1339
Properties.md5=57119B0CE24F56043CB53394D3290EAC
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
Properties.size=424
Properties.md5=26742402965AA8F6EBCE440BBD118092
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
Properties.size=1014
Properties.md5=C5884E1F373AB89BFD88DA93DD577CDA
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
Properties.size=3264
Properties.md5=48F60B7BBB12D535976714CA2F374982
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
Properties.size=1553
Properties.md5=D5E082CFDA8E92321F066CE6C5379C97
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
Properties.size=1715
Properties.md5=25959ED83887BA9C19564D9D010C8BA9
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
Properties.size=859
Properties.md5=27C663405BB327722461F06C1BA22C64
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
Properties.size=886
Properties.md5=D2FE1CACCAF82BE2E35CD19600A4CF2B
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
Properties.size=1257
Properties.md5=F2D744A1FE7886B67370B957F0CEBE87
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png
Properties.size=10831
Properties.md5=9C4ECF528EE9DA00C71EE5E8EC462C85
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
Properties.size=1198
Properties.md5=395D79FF1D175BEDD626F0F89C51E648
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png
Properties.size=1214
Properties.md5=52B857BDAA5E394BFA9BED9057230E34
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png
Properties.size=1332
Properties.md5=82447070E0073012E0AE56D1672ACA50
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $262BC338] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\

Conduit.SearchProtect: [SBI $6E58973D] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
Properties.size=983
Properties.md5=DFACEA71B332DF9FB7E29EADB83DAA3A
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $E38C360B] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
Properties.size=1909
Properties.md5=07CA109D1DF3233F39024A8DBFFE5288
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $AF06A4D6] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
Properties.size=93868
Properties.md5=DDB84C1587287B2DF08966081EF063BF
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $B173AB3C] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
Properties.size=2780
Properties.md5=18C47581E22A53E0985F6704BB9EB607
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $BADBFC66] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js
Properties.size=10183
Properties.md5=785C8B4A891E023382846CF5D161309C
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $B664B453] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\

Conduit.SearchProtect: [SBI $FD2E0A4B] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
Properties.size=1001
Properties.md5=C1E325669CB79867D5F4245FC258EE1D
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $D47DA58B] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css
Properties.size=4702
Properties.md5=821A41013EAD400C3494E351F487B275
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $EF996C3D] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html
Properties.size=2716
Properties.md5=32A9516526C400FB0E22E6FFA0408346
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $DA42438A] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js
Properties.size=7173
Properties.md5=398B662133BAA40EC6BD693E2A228C56
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $030516D0] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\

Conduit.SearchProtect: [SBI $1DECA8D6] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
Properties.size=1289
Properties.md5=13806AE12A0142A4CB2A49E82EB0AA26
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $3A99343D] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
Properties.size=4702
Properties.md5=821A41013EAD400C3494E351F487B275
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $CD759E15] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
Properties.size=2720
Properties.md5=F215F27D43AE0771D819BC0FAA49EABB
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $30B2D988] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
Properties.size=7173
Properties.md5=398B662133BAA40EC6BD693E2A228C56
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $3C999955] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\

Conduit.SearchProtect: [SBI $61C396D3] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
Properties.size=1298
Properties.md5=69C57354508E008C657AEEAB5B5BFEC0
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $66FF6A61] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css
Properties.size=8098
Properties.md5=F746C1780347AF1D9788993220EF26B4
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $AFF4E594] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html
Properties.size=12470
Properties.md5=B221792A54E32107A0B0D780E5E96364
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $E5868133] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js
Properties.size=11919
Properties.md5=4610E3F24E6A5F56341D8E5A8AF160A6
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $4CD5CF39] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\

Conduit.SearchProtect: [SBI $FF5DF880] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
Properties.size=1282
Properties.md5=6CE7902671165788C0CA77493823382B
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $881968A8] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
Properties.size=5128
Properties.md5=5C22B9DCDACCF9134C977C70C87BB27F
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $4DA27982] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
Properties.size=5142
Properties.md5=8CA3499C13EEC4005287DE1B65556D86
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $0DE56431] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
Properties.size=5912
Properties.md5=1C4BD43884084DD89320FB9E11674AA3
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $27868D8A] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\

Conduit.SearchProtect: [SBI $61720960] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html
Properties.size=8028
Properties.md5=262CCFCF73EA43FB516F909EB68EFFA3
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $AB043D30] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css
Properties.size=7233
Properties.md5=088C8DDE12AE5FE84D9CF82BE075B070
Properties.filedate=1418223814
Properties.filedatetext=2014-12-10 07:03:34

Conduit.SearchProtect: [SBI $25FEE4AE] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\dialogs\

Conduit.SearchProtect: [SBI $36A947DC] Program directory (Directory, fixed)
C:\Program Files (x86)\SearchProtect\UI\rep\

Conduit.SearchProtect: [SBI $C12F11B8] Executable (File, fixed)
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
Properties.size=3478168
Properties.md5=07BA1EED46F86E52923D6C245357402C
Properties.filedate=1418223832
Properties.filedatetext=2014-12-10 07:03:52

Conduit.SearchProtect: [SBI $BBEBD6F8] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\bin\

Conduit.SearchProtect: [SBI $12BC161B] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\UI\

Conduit.SearchProtect: [SBI $0FD70B5A] Data (File, fixed)
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat
Properties.size=48030
Properties.md5=3BBA2AF841102B6E40F179F3A5393E03
Properties.filedate=1418960902
Properties.filedatetext=2014-12-18 19:48:21

Conduit.SearchProtect: [SBI $BE9A1AC2] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\Main\rep\

Conduit.SearchProtect: [SBI $51A9D386] Executable (File, fixed)
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
Properties.size=3320640
Properties.md5=A3D330A00796CC99BF355B16FF4DFF74
Properties.filedate=1418223832
Properties.filedatetext=2014-12-10 07:03:52

Conduit.SearchProtect: [SBI $5D253DB2] Executable (File, fixed)
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe
Properties.size=1194576
Properties.md5=6D6956FDD38BF2C1A76225A828B5F783
Properties.filedate=1418223860
Properties.filedatetext=2014-12-10 07:04:20

Conduit.SearchProtect: [SBI $B4A74870] Library (File, fixed)
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll
Properties.size=2910360
Properties.md5=8A9C29F5A36F2BCECC87DCCC8F32ADCA
Properties.filedate=1418223832
Properties.filedatetext=2014-12-10 07:03:52

Conduit.SearchProtect: [SBI $33D88BE6] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\Main\bin\

Conduit.SearchProtect: [SBI $7BFC40F6] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\Main\

Conduit.SearchProtect: [SBI $9BBE9398] Program directory (Directory, fixed)
C:\Program Files (x86)\SearchProtect\SearchProtect\rep\

Conduit.SearchProtect: [SBI $715267E7] Executable (File, fixed)
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
Properties.size=5853848
Properties.md5=1C8964CBD8CEDE4E88A0032D67A9747F
Properties.filedate=1418223832
Properties.filedatetext=2014-12-10 07:03:52

Conduit.SearchProtect: [SBI $D56375D8] Executable (File, fixed)
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe
Properties.size=1776448
Properties.md5=A518767B7887E462FDBF7CC9676411A7
Properties.filedate=1418223834
Properties.filedatetext=2014-12-10 07:03:54

Conduit.SearchProtect: [SBI $16FC02BC] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\

Conduit.SearchProtect: [SBI $B28BEB4C] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\SearchProtect\

Conduit.SearchProtect: [SBI $61B05016] Text file (File, fixed)
C:\Program Files (x86)\SearchProtect\EULA.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Conduit.SearchProtect: [SBI $D161A3CC] Program directory (Directory, fixing failed)
C:\Program Files (x86)\SearchProtect\

Win32.Agent.wln: [SBI $888C505D] Executable (File, fixed)
C:\Users\Kunz Family\winlogon.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Thanks for any help

shelf life
2014-12-18, 14:26
hi Kunzie,

First we will stop a service, remove a proxy setting then get some downloads to use.

1) Go to start and in the search field type in services.msc
click enter. Windows Service panel will open.
Under the name column look for: sJMJqtqOYtM
right click on it and select properties
Under startup type change to disabled
For service status: click on the Stop button
click apply/ok to back out.

Open IE and click on the gear looking icon find: internet options or look under Tools>internet options>connections tab>LAN settings
Under proxy server, remove the checkmark.

2) Reboot your machine. Next you can get two downloads that will target adware:

Please download Adwcleaner from here and save to your desktop.

Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

http://www.bleepingcomputer.com/download/adwcleaner/

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt


Please download Junkware Removal Tool to your desktop.

http://thisisudax.org/downloads/JRT.exe

Double click the icon or Right click for Vista/W7,8 and select Run as administrator
The tool will open and start scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

Let's see what those drag up and we will move on from there.

Kunzie
2014-12-18, 18:47
Thanks for the quick reply. Just a few notes on the steps so far. I am not an expert so I am not sure if any of these observations matter.

1. In addition to the browser hijackers I mention in my original title, I have also noted that a small window pops up in the lower right corner of IE window whenever I click on items in the IE window. It is called "piwik analytics". I am not sure what this is or if it is malware. It is slightly annoying to see it every time I click.

2. When I disabled that process under service.msc, it did not allow me to click stop. None of the buttons were available for me to click. They were all greyed out. When I rebooted, I opened services.msc again and confirmed it was disabled and it said it was stopped as well.

3. I disabled IE proxy setting but when I rebooted it reset itself and when I was trying to DL JRT, I had to disable it again to DL JRT. When I rebooted again, I checked the IE settings, and proxy remained UNCHECKED.

Like I said, none of this may matter to the experts but I thought I would pass on my observations. Now to the logs:

# AdwCleaner v4.105 - Report created 19/12/2014 at 09:10:24
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kunz Family - KUNZFAMILY-PC
# Running from : C:\Users\Kunz Family\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
Service Deleted : CltMngSvc
Service Deleted : SPPD

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\KUNZFA~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Kunz Family\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Public\Util
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentExplorer]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\ContentExplorer
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v

[8zilnfe2.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4[...]

*************************

AdwCleaner[R0].txt - [4841 octets] - [19/12/2014 09:09:22]
AdwCleaner[S0].txt - [4460 octets] - [19/12/2014 09:10:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4520 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Kunz Family on Fri 12/19/2014 at 9:19:17.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Kunz Family\AppData\Roaming\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/19/2014 at 9:21:54.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks again,

Kunzie

shelf life
2014-12-18, 20:25
hi,

Ok, it's a good start. Thanks for the info. Look in your add/remove programs panel and uninstall any of these if you see them listed; if they're not there, don't worry about it.


Client Connect LTD
SearchProtect
Ask
Ask Toolbar
Search App by Ask
SystemOptimizerPro
Orbiter
WebGuard

Once you're done with all the uninstalls, reboot your machine.

Next we will use FRST:

Open notepad. Please copy the contents of the code box below into notepad:



HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [ContentExplorer] => C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-12-17] (ContentExplorer)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=H...19360&tsp=4956
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.doko-search.com/?babsrc=H...19360&tsp=4956
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT332...82B5855A&SSPV=
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013021104234208&tb_oid=11-02-2013
&tb_mrud=11-02-2013
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {5462F4F1-2DD2-40F6-800F-BCF9E49E9D97} URL =
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=996B3890-D438-45E6-86FE-F103B0E234FE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17041&doi=2014-12-19&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=|hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-12-17] (Client Connect LTD)
C:/Program Files (x86)/ORBTR/orbiter.dll
R2 sJMJqtqOYtM; C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe [2726248 2014-12-17] (Interesting Solutions)
C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe
2014-12-18 17:13 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-12-17 23:32 - 2014-12-17 23:39 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\yQTmyhbhY
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\ContentExplorer
2014-12-17 23:09 - 2014-12-17 23:29 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\WebGuard
2014-12-17 23:09 - 2014-12-17 23:13 - 00000000 ____D () C:\Program Files\WebBar
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\WebGuard
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\ORBTR
C:\Users\Kunz Family\acrobatreader.exe
C:\Users\Kunz Family\alg22847.exe
C:\Users\Kunz Family\chrome.exe
C:\Users\Kunz Family\conhost.exe
C:\Users\Kunz Family\csrss.exe
C:\Users\Kunz Family\csrss877129.exe
C:\Users\Kunz Family\firefox483107.exe
C:\Users\Kunz Family\flashplayer.exe
C:\Users\Kunz Family\googleupdate.exe
C:\Users\Kunz Family\icq.exe
C:\Users\Kunz Family\java.exe
C:\Users\Kunz Family\jqs.exe
C:\Users\Kunz Family\msconfig.exe
C:\Users\Kunz Family\mstsc.exe
C:\Users\Kunz Family\notepad.exe
C:\Users\Kunz Family\notepad536161.exe
C:\Users\Kunz Family\spoolsv.exe
C:\Users\Kunz Family\spoolsv832448.exe
C:\Users\Kunz Family\teamviewer.exe
C:\Users\Kunz Family\teamviewer464293.exe
C:\Users\Kunz Family\windowsupdate886035.exe
C:\Users\Kunz Family\winlogon.exe
C:\Users\Kunz Family\winlogon653616.exe
C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe
EmptyTemp:



To do this highlight the contents of the box and right click on it and select copy. Then right click paste into the open notepad.
Save it on the Desktop as fixlist.txt

Run FRST again like before except this time: press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

After the above:
Two more downloads to get, one to fix the proxy issue. The other is a free malware tool you can keep and use.

1) Download
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Checkmark following boxes:

Reset IE Proxy Settings
Reset FF Proxy Settings
Click Go and post the log.

2) Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe


Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

That should put a big dent in everything. Post the logs and we will go from there.
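
One way to triage file paths like those in the fixlist of the post above (an added example, not part of the original post and not FRST's own logic): flag executables that borrow a Windows system binary's name but sit outside the system directories, and executables dropped directly in a user profile root. The name set, trusted directories and reason labels are assumptions made for this illustration; the sample paths are copied from the fixlist, plus one constructed contrast entry.

```python
import ntpath
import re

# Assumption: default Windows 7 x64 layout. These binaries normally run only
# from the system directories listed in TRUSTED_DIRS.
SYSTEM_BINARIES = {
    "alg.exe", "conhost.exe", "csrss.exe", "msconfig.exe", "mstsc.exe",
    "notepad.exe", "spoolsv.exe", "winlogon.exe",
}
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Matches a directory that is exactly C:\Users\<profile> (no subfolder).
PROFILE_ROOT = re.compile(r"^c:\\users\\[^\\]+$")
# Letters followed by three or more digits, e.g. csrss877129.exe.
DIGIT_SUFFIX = re.compile(r"^([a-z]+)\d{3,}\.exe$")

# Paths from the fixlist above; the last line is a constructed contrast entry.
SAMPLE_PATHS = [p.strip() for p in r"""
C:\Users\Kunz Family\acrobatreader.exe
C:\Users\Kunz Family\alg22847.exe
C:\Users\Kunz Family\chrome.exe
C:\Users\Kunz Family\conhost.exe
C:\Users\Kunz Family\csrss.exe
C:\Users\Kunz Family\csrss877129.exe
C:\Users\Kunz Family\firefox483107.exe
C:\Users\Kunz Family\flashplayer.exe
C:\Users\Kunz Family\googleupdate.exe
C:\Users\Kunz Family\icq.exe
C:\Users\Kunz Family\java.exe
C:\Users\Kunz Family\jqs.exe
C:\Users\Kunz Family\msconfig.exe
C:\Users\Kunz Family\mstsc.exe
C:\Users\Kunz Family\notepad.exe
C:\Users\Kunz Family\notepad536161.exe
C:\Users\Kunz Family\spoolsv.exe
C:\Users\Kunz Family\spoolsv832448.exe
C:\Users\Kunz Family\teamviewer.exe
C:\Users\Kunz Family\teamviewer464293.exe
C:\Users\Kunz Family\windowsupdate886035.exe
C:\Users\Kunz Family\winlogon.exe
C:\Users\Kunz Family\winlogon653616.exe
C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe
C:\Windows\System32\csrss.exe
""".strip().splitlines()]


def canonical_name(path):
    """Lower-case file name with an appended digit run removed
    (csrss877129.exe -> csrss.exe)."""
    name = ntpath.basename(path.replace("/", "\\")).lower()
    match = DIGIT_SUFFIX.match(name)
    return match.group(1) + ".exe" if match else name


def assess(path):
    """Return the list of reasons a path looks like a masquerading executable."""
    norm = path.replace("/", "\\")
    directory = ntpath.dirname(norm).lower()
    name = ntpath.basename(norm).lower()
    canon = canonical_name(norm)
    reasons = []
    if canon in SYSTEM_BINARIES and directory not in TRUSTED_DIRS:
        reasons.append("system-name-outside-system-dir")
    if name.endswith(".exe") and PROFILE_ROOT.match(directory):
        reasons.append("exe-in-profile-root")
    # A digit suffix alone is too noisy (installers use it); report it only
    # as supporting evidence when another rule already fired.
    if reasons and canon != name:
        reasons.append("digit-suffix")
    return reasons


def triage(paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    findings = {}
    for path in paths:
        reasons = assess(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_PATHS).items():
        print(f"{path}: {', '.join(reasons)}")
```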

Kunzie
2014-12-18, 21:56
Ok here's what I got

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Kunz Family at 2014-12-19 11:53:05 Run:1
Running from C:\Users\Kunz Family\Desktop
Loaded Profile: Kunz Family (Available profiles: Kunz Family)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [ContentExplorer] => C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-12-17] (ContentExplorer)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=H...19360&tsp=4956
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.doko-search.com/?babsrc=H...19360&tsp=4956
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT332...82B5855A&SSPV=
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013021104234208&tb_oid=11-02-2013
&tb_mrud=11-02-2013
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {5462F4F1-2DD2-40F6-800F-BCF9E49E9D97} URL =
SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=996B3890-D438-45E6-86FE-F103B0E234FE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17041&doi=2014-12-19&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=|hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-12-17] (Client Connect LTD)
C:/Program Files (x86)/ORBTR/orbiter.dll
R2 sJMJqtqOYtM; C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe [2726248 2014-12-17] (Interesting Solutions)
C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe
2014-12-18 17:13 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-12-17 23:32 - 2014-12-17 23:39 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\yQTmyhbhY
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\ContentExplorer
2014-12-17 23:09 - 2014-12-17 23:29 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\WebGuard
2014-12-17 23:09 - 2014-12-17 23:13 - 00000000 ____D () C:\Program Files\WebBar
2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\WebGuard
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\ORBTR
C:\Users\Kunz Family\acrobatreader.exe
C:\Users\Kunz Family\alg22847.exe
C:\Users\Kunz Family\chrome.exe
C:\Users\Kunz Family\conhost.exe
C:\Users\Kunz Family\csrss.exe
C:\Users\Kunz Family\csrss877129.exe
C:\Users\Kunz Family\firefox483107.exe
C:\Users\Kunz Family\flashplayer.exe
C:\Users\Kunz Family\googleupdate.exe
C:\Users\Kunz Family\icq.exe
C:\Users\Kunz Family\java.exe
C:\Users\Kunz Family\jqs.exe
C:\Users\Kunz Family\msconfig.exe
C:\Users\Kunz Family\mstsc.exe
C:\Users\Kunz Family\notepad.exe
C:\Users\Kunz Family\notepad536161.exe
C:\Users\Kunz Family\spoolsv.exe
C:\Users\Kunz Family\spoolsv832448.exe
C:\Users\Kunz Family\teamviewer.exe
C:\Users\Kunz Family\teamviewer464293.exe
C:\Users\Kunz Family\windowsupdate886035.exe
C:\Users\Kunz Family\winlogon.exe
C:\Users\Kunz Family\winlogon653616.exe
C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data not found.
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value not found.
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value not found.
HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
"HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
&tb_mrud=11-02-2013 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value not found.
"HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5462F4F1-2DD2-40F6-800F-BCF9E49E9D97}" => Key deleted successfully.
"HKCR\CLSID\{5462F4F1-2DD2-40F6-800F-BCF9E49E9D97}" => Key not found.
"HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9}" => Key not found.
"HKCR\CLSID\{6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
Firefox homepage deleted successfully.
Orbiter => Service not found.
C:/Program Files (x86)/ORBTR/orbiter.dll => Error: No automatic fix found for this entry.
sJMJqtqOYtM => Service deleted successfully.
C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe => Moved successfully.
"C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork" => File/Directory not found.
"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group => Moved successfully.
C:\ProgramData\yQTmyhbhY => Moved successfully.
"C:\Users\Kunz Family\AppData\Local\SearchProtect" => File/Directory not found.
C:\Users\Kunz Family\AppData\Roaming\ContentExplorer => Moved successfully.
C:\Users\Kunz Family\AppData\Local\WebGuard => Moved successfully.
C:\Program Files\WebBar => Moved successfully.
C:\ProgramData\WebGuard => Moved successfully.
"C:\Users\Kunz Family\AppData\Local\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\ORBTR" => File/Directory not found.
C:\Users\Kunz Family\acrobatreader.exe => Moved successfully.
C:\Users\Kunz Family\alg22847.exe => Moved successfully.
C:\Users\Kunz Family\chrome.exe => Moved successfully.
C:\Users\Kunz Family\conhost.exe => Moved successfully.
C:\Users\Kunz Family\csrss.exe => Moved successfully.
C:\Users\Kunz Family\csrss877129.exe => Moved successfully.
C:\Users\Kunz Family\firefox483107.exe => Moved successfully.
C:\Users\Kunz Family\flashplayer.exe => Moved successfully.
C:\Users\Kunz Family\googleupdate.exe => Moved successfully.
C:\Users\Kunz Family\icq.exe => Moved successfully.
C:\Users\Kunz Family\java.exe => Moved successfully.
C:\Users\Kunz Family\jqs.exe => Moved successfully.
C:\Users\Kunz Family\msconfig.exe => Moved successfully.
C:\Users\Kunz Family\mstsc.exe => Moved successfully.
C:\Users\Kunz Family\notepad.exe => Moved successfully.
C:\Users\Kunz Family\notepad536161.exe => Moved successfully.
C:\Users\Kunz Family\spoolsv.exe => Moved successfully.
C:\Users\Kunz Family\spoolsv832448.exe => Moved successfully.
C:\Users\Kunz Family\teamviewer.exe => Moved successfully.
C:\Users\Kunz Family\teamviewer464293.exe => Moved successfully.
C:\Users\Kunz Family\windowsupdate886035.exe => Moved successfully.
"C:\Users\Kunz Family\winlogon.exe" => File/Directory not found.
C:\Users\Kunz Family\winlogon653616.exe => Moved successfully.
"C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe => Moved successfully.
EmptyTemp: => Removed 386.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

MiniToolBox by Farbar Version: 30-11-2014
Ran by Kunz Family (administrator) on 19-12-2014 at 12:02:20
Running from "C:\Users\Kunz Family\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/19/2014
Scan Time: 12:08:18 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.18.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kunz Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338419
Time Elapsed: 19 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Ask.A, HKU\S-1-5-21-265481619-2286802819-923454813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [f825ff64aad2112510358e43fe049e62],
PUP.Optional.Ask.A, HKU\S-1-5-21-265481619-2286802819-923454813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [f825ff64aad2112510358e43fe049e62],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [9d80f46fd3a9a690f65fdaf6b74dae52],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [62bb560d4f2d053165efdbf50103de22],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.ClientConnect, C:\Users\Kunz Family\Downloads\Setup_TSV28IZT6.exe, Quarantined, [a97489dae79592a433381aa3f8098c74],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, Quarantined, [2fee99cae29a280e47394862738ec13f],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, Quarantined, [a17cf073e498b284ccb45654738e58a8],
PUP.Optional.Delta.A, C:\Users\Kunz Family\Desktop\Old Firefox Data\extensions\ffxtlbr@delta.com\uninstall.exe, Quarantined, [b16c3231502c0a2c33dea5e91fe2d52b],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [908d89dad0ac72c471e76967c0443cc4],

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks again for all your help so far.

Kunzie

shelf life
2014-12-19, 00:46
OK, good. Reset FF and IE back to their defaults:

IE: With IE open: Tools>Internet Options>Advanced tab: click the Reset button

FF: With FF open: Help>Troubleshooting information> Reset Firefox

How's it looking now on your end?

Kunzie
2014-12-20, 05:08
No more browser hijacking with the "trovi" or "doko" and no more piwiks analytics thing popping up in the lower right corner. Browser speed seems a lot better too. It seems fixed from my perspective. Now the task of keeping it that way.

Thanks again, I look forward to your next reply which, after reading A LOT of other threads, I suspect will be the cleanup and preventative suggestions.

shelf life
2014-12-20, 14:49
OK, you're welcome. One more download that will remove the tools we used then delete itself. Anything it may miss you can delete yourself.
Keep Malwarebytes to use as antimalware app.

Please download Delfix.exe and save it to your desktop.
https://toolslib.net/downloads/viewdownload/2-delfix/
Right click and select "run as admin", check "Remove disinfection tools" and click on the Run button.
The tool will delete itself once it finishes. You can delete the log it generates.

I can tell you that 98% of the stuff we removed was the result of installing software. Software that's questionable to begin with and bundled with third party add-ons.

Prevention: I have some tips on my web page in the link below. See the section "know what your installing"

Happy safe surfing out there.