Thread: Silly popups on internet browsers ("trovi" "doko")

  1. #1
    Junior Member | Join Date: Dec 2014 | Posts: 4


    First off, thanks for this site and the awesome step-by-step instructions. I am not a computer whiz, but I can follow directions. Any help will be greatly appreciated with removing and preventing malware on my computers (this thread is about my desktop; I will make a new thread as we move forward, fixing one at a time).

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
    Ran by Kunz Family (administrator) on KUNZFAMILY-PC on 18-12-2014 18:36:43
    Running from C:\Users\Kunz Family\Desktop
    Loaded Profile: Kunz Family (Available profiles: Kunz Family)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    (Interesting Solutions) C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    (McAfee, Inc.) C:\Program Files\mcafee\msc\McA7832.tmp
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
    (ContentExplorer) C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McU47AF.tmp
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    (APN LLC.) C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
    (APN LLC.) C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] ( (Qualcomm®Atheros®))
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [ContentExplorer] => C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-12-17] (ContentExplorer)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-265481619-2286802819-923454813-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-265481619-2286802819-923454813-1001] => http=127.0.0.1:59244;https=127.0.0.1:59244
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=H...19360&tsp=4956
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.doko-search.com/?babsrc=H...19360&tsp=4956
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT332...82B5855A&SSPV=
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013021104234208&tb_oid=11-02-2013&tb_mrud=11-02-2013

    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {5462F4F1-2DD2-40F6-800F-BCF9E49E9D97} URL =
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=996B3890-D438-45E6-86FE-F103B0E234FE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17041&doi=2014-12-19&trgb=IE&q={searchTerms}&psv=&pt=tb
    BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kunz Family\AppData\Roaming\Mozilla\Firefox\Profiles\8zilnfe2.default
    FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=|hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-11]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 0298521418917912mcinstcleanup; C:\Windows\TEMP\029852~1.EXE [836168 2014-03-13] (McAfee, Inc.)
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-11-24] (APN LLC.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider)
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3320640 2014-12-10] (Client Connect LTD)
    S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
    S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
    S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
    S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
    S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-12-17] (Client Connect LTD)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
    R2 sJMJqtqOYtM; C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe [2726248 2014-12-17] (Interesting Solutions)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    U3 mfeavfk01; No ImagePath
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    U3 mfehidk01; No ImagePath
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
    U3 mfencbdc01; No ImagePath
    U3 mfencbdc02; No ImagePath
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-18 18:36 - 2014-12-18 18:37 - 00020680 _____ () C:\Users\Kunz Family\Desktop\FRST.txt
    2014-12-18 18:35 - 2014-12-18 18:36 - 00000000 ____D () C:\FRST
    2014-12-18 18:35 - 2014-12-18 18:35 - 02121216 _____ (Farbar) C:\Users\Kunz Family\Desktop\FRST64.exe
    2014-12-18 18:33 - 2014-12-18 18:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KUNZFAMILY-PC-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-12-18 18:32 - 2014-12-18 18:32 - 00000000 ____D () C:\RegBackup
    2014-12-18 18:21 - 2014-12-18 18:21 - 00289390 _____ () C:\Users\Kunz Family\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance)- Updated.htm
    2014-12-18 18:21 - 2014-12-18 18:21 - 00002237 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-12-18 18:21 - 2014-12-18 18:21 - 00000000 ____D () C:\Users\Kunz Family\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance)- Updated_files
    2014-12-18 18:21 - 2014-12-18 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-12-18 18:21 - 2014-12-18 18:21 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-12-18 18:19 - 2014-12-18 18:19 - 04215584 _____ () C:\Users\Kunz Family\Desktop\tweaking.com_registry_backup_setup.exe
    2014-12-18 18:15 - 2014-12-18 18:15 - 00000000 ___RD () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-12-18 17:13 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\APN
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
    2014-12-18 17:11 - 2014-12-18 17:40 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\.minecraft
    2014-12-18 17:11 - 2014-12-18 17:11 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\java
    2014-12-18 17:10 - 2014-12-18 17:11 - 00000000 ____D () C:\ProgramData\Oracle
    2014-12-18 17:10 - 2014-12-18 17:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-18 17:10 - 2014-12-18 17:10 - 00000000 ____D () C:\ProgramData\Sun
    2014-12-18 17:10 - 2014-12-18 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-12-18 17:10 - 2014-12-18 17:10 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-12-18 16:07 - 2014-12-18 16:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\PCDr
    2014-12-18 07:52 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2014-12-18 00:12 - 2014-12-18 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-12-17 23:43 - 2014-12-17 23:43 - 00001941 _____ () C:\Users\Kunz Family\Desktop\McAfee Internet Security.lnk
    2014-12-17 23:41 - 2014-12-17 23:41 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin
    2014-12-17 23:32 - 2014-12-17 23:39 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group
    2014-12-17 23:32 - 2014-12-17 23:32 - 00000000 _____ () C:\autoexec.bat
    2014-12-17 23:12 - 2014-12-17 23:12 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-12-17 23:10 - 2014-12-18 18:18 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\CrashDumps
    2014-12-17 23:09 - 2014-12-17 23:41 - 00003322 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
    2014-12-17 23:09 - 2014-12-17 23:29 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\WebGuard
    2014-12-17 23:09 - 2014-12-17 23:13 - 00000000 ____D () C:\Program Files\WebBar
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\ContentExplorer
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\yQTmyhbhY
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\WebGuard
    2014-12-17 23:08 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Mozilla
    2014-12-17 23:08 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Mozilla
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\ORBTR
    2014-12-17 22:48 - 2014-12-17 22:48 - 00003654 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 5520 series
    2014-12-17 22:48 - 2014-12-17 22:48 - 00002250 _____ () C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk
    2014-12-17 22:48 - 2014-12-17 22:48 - 00001993 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
    2014-12-17 22:48 - 2014-12-17 22:48 - 00001182 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000057 _____ () C:\ProgramData\Ament.ini
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\HpUpdate
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\Visan
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\HP Photo Creations
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files\HP
    2014-12-17 22:48 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
    2014-12-17 22:48 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB111.dll
    2014-12-17 22:47 - 2014-12-17 22:49 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\HP
    2014-12-17 22:47 - 2014-12-17 22:47 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Hewlett-Packard
    2014-12-17 22:46 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files (x86)\Hp
    2014-12-17 22:46 - 2014-12-17 22:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\softthinks
    2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\ProgramData\softthinks
    2014-12-17 22:43 - 2014-05-02 06:33 - 00000118 ____H () C:\DBAR_Ver.txt
    2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
    2014-12-17 22:38 - 2014-12-16 22:06 - 45217712 _____ () C:\Users\Kunz Family\Desktop\Craig's Quicken Data.QDF
    2014-12-15 23:26 - 2014-12-15 23:26 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Adobe
    2014-12-15 23:14 - 2014-12-15 23:14 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-12-15 23:14 - 2014-12-15 23:14 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Apple Computer
    2014-12-15 23:14 - 2014-12-15 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files\iTunes
    2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files\iPod
    2014-12-15 23:13 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-12-15 23:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-12-15 23:12 - 2014-12-15 23:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-12-15 23:12 - 2014-12-15 23:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Apple
    2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\ProgramData\Apple
    2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Program Files\Bonjour
    2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-12-15 23:12 - 2014-12-15 23:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-12-15 22:54 - 2014-12-15 22:54 - 00001556 __RSH () C:\Users\Kunz Family\ntuser.pol
    2014-12-15 22:45 - 2014-12-15 22:57 - 00000000 ____D () C:\Users\Kunz Family\Desktop\Theresa's Pics
    2014-12-15 22:32 - 2014-12-15 22:32 - 00023128 _____ () C:\Windows\system32\emptyregdb.dat
    2014-12-15 21:41 - 2014-12-15 23:14 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Apple Computer
    2014-12-15 21:41 - 2014-12-15 22:32 - 00010623 _____ () C:\Windows\comsetup.log
    2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ___DC () C:\Users\Kunz Family\AppData\Local\MigWiz
    2014-12-15 21:39 - 2014-12-15 22:56 - 00000000 ____D () C:\Users\Kunz Family\Documents\Quicken
    2014-12-15 21:37 - 2014-12-15 21:37 - 00001816 _____ () C:\Users\Public\Desktop\Quicken Deluxe 2011.lnk
    2014-12-15 21:37 - 2014-12-15 21:37 - 00000357 _____ () C:\Users\Public\Desktop\Free Credit Report and Score.url
    2014-12-15 21:37 - 2011-03-10 17:00 - 04199768 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
    2014-12-15 21:36 - 2014-12-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Quicken
    2014-12-15 21:36 - 2014-12-15 21:36 - 00000126 _____ () C:\Windows\QUICKEN.INI
    2014-12-15 21:36 - 2014-12-15 21:36 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Intuit
    2014-12-15 21:36 - 2014-12-15 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
    2014-12-15 21:36 - 2014-12-15 21:36 - 00000000 ____D () C:\ProgramData\Intuit
    2014-12-15 21:26 - 2014-12-15 21:26 - 00001140 _____ () C:\Users\Public\Desktop\Diablo III.lnk
    2014-12-15 21:26 - 2014-12-15 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    2014-12-15 21:25 - 2014-12-15 22:42 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Battle.net
    2014-12-15 21:25 - 2014-12-15 21:35 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Battle.net
    2014-12-15 21:25 - 2014-12-15 21:34 - 00000000 ____D () C:\Program Files (x86)\Diablo III
    2014-12-15 21:25 - 2014-12-15 21:25 - 00001146 _____ () C:\Users\Public\Desktop\Battle.net.lnk
    2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Blizzard Entertainment
    2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
    2014-12-15 21:25 - 2014-12-15 21:25 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-12-15 21:23 - 2014-12-15 21:24 - 00000000 ____D () C:\ProgramData\Battle.net
    2014-12-15 21:18 - 2014-12-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2014-12-15 21:17 - 2014-12-15 21:17 - 00000000 ____D () C:\Windows\PCHEALTH
    2014-12-15 21:16 - 2014-12-15 21:16 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2014-12-15 21:16 - 2014-12-15 21:16 - 00000000 ____D () C:\Program Files\Microsoft Office
    2014-12-15 21:15 - 2014-12-15 21:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-15 21:15 - 2014-12-15 21:15 - 00000000 __RHD () C:\MSOCache
    2014-12-15 21:15 - 2014-12-15 21:15 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\Microsoft Help
    2014-12-15 21:15 - 2014-12-15 21:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
    2014-12-15 21:11 - 2014-12-18 16:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
    2014-12-15 21:11 - 2014-12-17 22:48 - 00000000 ____D () C:\ProgramData\HP
    2014-12-15 21:11 - 2014-12-15 21:11 - 00004006 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2014-12-15 21:11 - 2014-12-15 21:11 - 00003218 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
    2014-12-15 21:11 - 2014-12-15 21:11 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Dell
    2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 __SHD () C:\Users\Kunz Family\AppData\Local\EmieUserList
    2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 __SHD () C:\Users\Kunz Family\AppData\Local\EmieSiteList
    2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Macromedia
    2014-12-15 21:09 - 2014-12-15 21:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Intel Corporation
    2014-12-15 21:08 - 2014-12-18 18:15 - 00000000 ____D () C:\Users\Kunz Family\Documents\Bluetooth Folder
    2014-12-15 21:08 - 2014-12-15 23:26 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Adobe
    2014-12-15 21:08 - 2014-12-15 22:32 - 00001415 _____ () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-12-15 21:08 - 2014-12-15 21:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Leadertech
    2014-12-15 21:08 - 2014-12-15 21:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Atheros
    2014-12-15 21:08 - 2014-12-15 21:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\BMExplorer
    2014-12-15 21:07 - 2014-12-15 21:44 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\VirtualStore
    2014-12-15 21:05 - 2014-12-17 22:47 - 00110424 _____ () C:\Users\Kunz Family\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-15 21:05 - 2014-12-15 21:05 - 00001975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    2014-12-15 21:05 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-12-15 21:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-12-15 21:05 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-12-15 21:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-12-15 21:05 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-12-15 21:05 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-12-15 21:05 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-12-15 21:05 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-12-15 21:05 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-12-15 21:05 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-12-15 21:05 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-12-15 21:05 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-12-15 21:05 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-12-15 21:05 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-12-15 21:04 - 2014-12-15 22:54 - 00000000 ____D () C:\Users\Kunz Family
    2014-12-15 21:04 - 2014-12-15 21:04 - 00000020 ___SH () C:\Users\Kunz Family\ntuser.ini
    2014-12-15 21:04 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-12-15 21:04 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Kunz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-12-13 10:26 - 2014-12-13 10:26 - 02206864 ____C (Microsoft Corporation) C:\Users\Kunz Family\Downloads\DefaultPack.EXE
    2014-12-12 08:49 - 2014-12-12 08:49 - 00075264 ____C () C:\Users\Kunz Family\Documents\address labels.pub
    2014-12-11 17:25 - 2014-12-11 17:25 - 01055936 ____C (Adobe) C:\Users\Kunz Family\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
    2014-12-11 17:24 - 2014-12-11 17:24 - 42096984 _____ (Apple Inc.) C:\Users\Kunz Family\Downloads\QuickTimeInstaller(2).exe
    2014-12-11 17:22 - 2014-12-11 17:23 - 42096984 _____ (Apple Inc.) C:\Users\Kunz Family\Downloads\QuickTimeInstaller(1).exe
    2014-12-10 20:14 - 2014-12-15 22:31 - 00000000 ___DC () C:\XWING95
    2014-12-10 20:13 - 2014-12-10 20:13 - 00314891 ____C () C:\Users\Kunz Family\Downloads\XCS_XW95_MSI_v1.0.0.0.zip
    2014-12-10 19:54 - 2014-12-15 21:50 - 00000000 ___DC () C:\Users\Kunz Family\Downloads\XCS_Unofficial_Patch
    2014-12-10 19:53 - 2014-12-10 19:53 - 00266577 ____C () C:\Users\Kunz Family\Downloads\XCS_Unofficial_Patch.zip
    2014-12-09 05:59 - 2014-12-09 05:59 - 00397824 ____C () C:\Users\Kunz Family\Documents\applesox giftcertificate.pub
    2014-11-29 19:46 - 2014-11-29 19:46 - 01942688 ____C () C:\Users\Kunz Family\Downloads\winrar-x64-52b4.exe
    2014-11-29 19:41 - 2014-12-15 21:48 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Kovacic's Textures Pack v1.0.6
    2014-11-29 19:24 - 2014-11-29 19:24 - 04923574 ____C () C:\Users\Kunz Family\Downloads\TConstruct-1.7.10-1.7.1c(2).jar
    2014-11-29 08:24 - 2014-12-12 08:42 - 00068608 ____C () C:\Users\Kunz Family\Documents\budgetdec2014.xls
    2014-11-28 21:43 - 2014-11-28 21:48 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\mods
    2014-11-28 21:39 - 2014-11-28 21:39 - 04923574 ____C () C:\Users\Kunz Family\Downloads\TConstruct-1.7.10-1.7.1c(1).jar
    2014-11-28 21:36 - 2014-11-28 21:36 - 04923574 ____C () C:\Users\Kunz Family\Downloads\TConstruct-1.7.10-1.7.1c.jar
    2014-11-28 21:14 - 2014-12-15 21:48 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Kovacic's Mod Pack v2.1.2-B2

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-18 18:33 - 2014-09-09 17:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-18 18:17 - 2009-07-13 21:13 - 00781540 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-18 18:15 - 2014-09-11 08:00 - 01594646 _____ () C:\Windows\WindowsUpdate.log
    2014-12-18 07:51 - 2014-09-11 08:06 - 00000000 ____D () C:\Program Files\Common Files\mcafee
    2014-12-18 07:48 - 2014-09-11 08:06 - 00000000 ____D () C:\ProgramData\McAfee
    2014-12-18 07:48 - 2014-09-11 08:06 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2014-12-18 00:05 - 2009-07-13 20:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-18 00:05 - 2009-07-13 20:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-18 00:03 - 2014-09-11 08:09 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2014-12-17 23:54 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-17 23:54 - 2009-07-13 20:51 - 00040803 _____ () C:\Windows\setupact.log
    2014-12-17 23:40 - 2010-11-20 19:47 - 00169760 _____ () C:\Windows\PFRO.log
    2014-12-17 23:40 - 2009-07-13 20:45 - 00421848 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-17 22:38 - 2014-09-11 08:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2014-12-17 22:34 - 2011-02-10 06:25 - 00000000 ____D () C:\dell
    2014-12-15 23:25 - 2014-03-31 20:11 - 00001410 ____C () C:\Users\Kunz Family\Desktop\Norton Installation Files.lnk
    2014-12-15 22:49 - 2011-12-07 12:40 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\Craig's stuff
    2014-12-15 22:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Registration
    2014-12-15 22:31 - 2011-12-16 23:11 - 00000000 ___DC () C:\Users\Public\Juniper Networks
    2014-12-15 22:31 - 2010-11-20 23:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-12-15 22:31 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-12-15 22:30 - 2014-03-31 20:11 - 00000000 ___DC () C:\Users\Public\Downloads\Norton
    2014-12-15 22:29 - 2011-12-26 15:13 - 00000000 ___DC () C:\Users\Public\Documents\LeapFrog
    2014-12-15 22:27 - 2011-12-07 10:34 - 00000000 ___DC () C:\Theresa transfer
    2014-12-15 22:25 - 2014-09-11 08:10 - 00000000 ____D () C:\Temp
    2014-12-15 22:25 - 2014-09-11 07:52 - 00000000 ____D () C:\Intel
    2014-12-15 22:25 - 2012-11-28 21:30 - 00000000 ___DC () C:\Samsung
    2014-12-15 22:25 - 2012-02-24 14:59 - 00000000 __HDC () C:\$avg
    2014-12-15 22:25 - 2011-12-07 09:54 - 00000000 ___DC () C:\TempEI4
    2014-12-15 22:25 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-12-15 22:25 - 2009-07-13 19:20 - 00000000 __HDC () C:\Windows\system32\GroupPolicy
    2014-12-15 22:24 - 2011-12-07 11:19 - 00000000 ___DC () C:\Users\Kunz Family\TurboTax Prog
    2014-12-15 22:22 - 2011-12-07 11:19 - 00000000 ___DC () C:\Users\Kunz Family\TurboTax
    2014-12-15 22:21 - 2011-12-07 11:19 - 00000000 ___DC () C:\Users\Kunz Family\Quicken
    2014-12-15 21:50 - 2014-05-29 19:04 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Wondershare Video Editor
    2014-12-15 21:50 - 2014-02-12 19:51 - 00000000 ___DC () C:\Users\Kunz Family\Downloads\PC Drivers HeadQuarters
    2014-12-15 21:48 - 2014-10-31 10:42 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Kovacic's Mod Pack v2.1.1-B5
    2014-12-15 21:48 - 2014-03-31 20:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Symantec
    2014-12-15 21:48 - 2013-10-22 15:42 - 00000000 ___DC () C:\Users\Kunz Family\Documents\NewBlueFX
    2014-12-15 21:48 - 2013-10-22 15:37 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Adobe
    2014-12-15 21:48 - 2013-07-14 12:26 - 00000000 ___DC () C:\Users\Kunz Family\Documents\My Games
    2014-12-15 21:48 - 2012-08-25 17:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Diablo III
    2014-12-15 21:48 - 2012-02-06 12:38 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Amazon MP3
    2014-12-15 21:48 - 2012-01-25 19:29 - 00000000 ___DC () C:\Users\Kunz Family\Documents\TurboTax
    2014-12-15 21:48 - 2011-12-21 08:58 - 00000000 ___DC () C:\Users\Kunz Family\Documents\Outlook Files
    2014-12-15 21:48 - 2011-12-07 21:27 - 00000000 ___DC () C:\Users\Kunz Family\Documents\StarCraft II
    2014-12-15 21:48 - 2011-12-07 11:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\JPG Files
    2014-12-15 21:48 - 2011-12-07 11:17 - 00000000 ___DC () C:\Users\Kunz Family\Documents\invisible-closing-seam-tutorial_files
    2014-12-15 21:46 - 2014-02-19 17:14 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\Old Firefox Data
    2014-12-15 21:44 - 2011-12-11 15:53 - 00000000 ___DC () C:\Users\Kunz Family\Adobe Photoshop Elements 10
    2014-12-15 21:44 - 2011-12-07 11:29 - 00000000 ___DC () C:\Users\Kunz Family\Desktop\Desktop Files
    2014-12-15 21:18 - 2010-11-20 23:17 - 00000000 ____D () C:\Windows\ShellNew
    2014-12-15 21:17 - 2014-09-11 08:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-12-15 21:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-12-15 21:16 - 2009-07-13 18:34 - 00000510 _____ () C:\Windows\win.ini
    2014-12-15 21:11 - 2014-09-11 08:05 - 00000000 ____D () C:\ProgramData\PCDr
    2014-12-15 21:08 - 2014-09-11 08:24 - 00000000 ____D () C:\ProgramData\Atheros
    2014-12-15 21:04 - 2014-09-11 07:59 - 00000000 ____D () C:\ProgramData\Dell
    2014-12-15 10:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-15 10:04 - 2011-02-10 06:25 - 00000000 ____D () C:\Windows\panther
    2014-12-10 07:47 - 2009-07-13 20:54 - 00000368 ___SH () C:\Users\Public\Desktop\desktop (1).ini

    Files to move or delete:
    ====================
    C:\Users\Kunz Family\acrobatreader.exe
    C:\Users\Kunz Family\alg22847.exe
    C:\Users\Kunz Family\chrome.exe
    C:\Users\Kunz Family\conhost.exe
    C:\Users\Kunz Family\csrss.exe
    C:\Users\Kunz Family\csrss877129.exe
    C:\Users\Kunz Family\firefox483107.exe
    C:\Users\Kunz Family\flashplayer.exe
    C:\Users\Kunz Family\googleupdate.exe
    C:\Users\Kunz Family\icq.exe
    C:\Users\Kunz Family\java.exe
    C:\Users\Kunz Family\jqs.exe
    C:\Users\Kunz Family\msconfig.exe
    C:\Users\Kunz Family\mstsc.exe
    C:\Users\Kunz Family\notepad.exe
    C:\Users\Kunz Family\notepad536161.exe
    C:\Users\Kunz Family\spoolsv.exe
    C:\Users\Kunz Family\spoolsv832448.exe
    C:\Users\Kunz Family\teamviewer.exe
    C:\Users\Kunz Family\teamviewer464293.exe
    C:\Users\Kunz Family\windowsupdate886035.exe
    C:\Users\Kunz Family\winlogon.exe
    C:\Users\Kunz Family\winlogon653616.exe


    Some content of TEMP:
    ====================
    C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
    C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2011-02-10 08:26

    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
    Ran by Kunz Family at 2014-12-18 18:37:12
    Running from C:\Users\Kunz Family\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
    Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 8.4 - ContentExplorer.net)
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Outlook Social Connector (KB2289116) Şş§ó·s (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version: - Microsoft)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.10.160 - Client Connect LTD) <==== ATTENTION
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    WebGuard (HKLM-x32\...\WebGuard) (Version: 3.0.21 - Interesting Solutions)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    15-12-2014 21:04:49 Windows Update
    15-12-2014 21:11:07 Windows Update
    15-12-2014 21:15:22 Installed Microsoft Office Professional 2010
    15-12-2014 23:13:01 Installed iTunes
    17-12-2014 22:46:21 Installed HP Support Solutions Framework

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {27D35B70-96BA-4AB6-9A42-3F38227D4A2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {2FC60092-57B3-46D7-9CBE-C05CAE51C99A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {58F6A018-7867-4D8D-B6D3-1B23B94A609F} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
    Task: {5A97C664-046E-4A6C-9AA9-0737F576374E} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {69AF906E-A43C-4B7F-B693-4691819A3594} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {85B13FA8-200E-4590-8BDE-C01C253603FF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {8D4A129F-36ED-422D-8CDA-A81E37C69622} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {F134476A-CA6F-4853-9A60-D002E111975C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-11 08:09 - 2014-03-12 09:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
    2014-09-11 08:09 - 2014-03-12 09:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
    2014-09-11 08:09 - 2014-03-12 09:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
    2013-07-02 19:51 - 2013-07-02 19:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2014-09-11 08:09 - 2014-04-30 07:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-11 07:55 - 2013-12-09 14:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-09-11 08:09 - 2013-12-17 14:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2014-09-11 08:09 - 2012-11-25 20:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-09-11 08:09 - 2012-11-25 20:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-265481619-2286802819-923454813-500 - Administrator - Disabled)
    Guest (S-1-5-21-265481619-2286802819-923454813-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-265481619-2286802819-923454813-1002 - Limited - Enabled)
    Kunz Family (S-1-5-21-265481619-2286802819-923454813-1001 - Administrator - Enabled) => C:\Users\Kunz Family

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/18/2014 06:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000374
    Fault offset: 0x000ce753
    Faulting process id: 0x1c1c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (12/18/2014 06:18:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000374
    Fault offset: 0x000ce753
    Faulting process id: 0x1160
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (12/18/2014 05:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x00038e19
    Faulting process id: 0xb78
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (12/18/2014 00:11:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000374
    Fault offset: 0x000ce753
    Faulting process id: 0x1370
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (12/18/2014 00:11:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000374
    Fault offset: 0x000ce753
    Faulting process id: 0xe68
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (12/18/2014 00:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000374
    Fault offset: 0x000ce753
    Faulting process id: 0x654
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (12/17/2014 11:54:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 11:40:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 11:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TOASTER.EXE, version: 1.0.1.221, time stamp: 0x5361e87c
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
    Exception code: 0xe0434352
    Fault offset: 0x0000c41f
    Faulting process id: 0x172c
    Faulting application start time: 0xTOASTER.EXE0
    Faulting application path: TOASTER.EXE1
    Faulting module path: TOASTER.EXE2
    Report Id: TOASTER.EXE3

    Error: (12/17/2014 11:10:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: TOASTER.EXE
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    Stack:
    at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
    at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Threading.Dispatcher.Run()
    at System.Windows.Application.RunDispatcher(System.Object)
    at System.Windows.Application.RunInternal(System.Windows.Window)
    at System.Windows.Application.Run(System.Windows.Window)
    at Toaster.App.Main()


    System errors:
    =============
    Error: (12/18/2014 06:15:40 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (12/18/2014 05:08:09 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

    Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (12/18/2014 07:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

    Error: (12/18/2014 07:52:51 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

    Error: (12/18/2014 07:52:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (12/18/2014 07:52:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

    Error: (12/18/2014 07:52:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053


    Microsoft Office Sessions:
    =========================
    Error: (12/18/2014 06:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531c1c01d01b31bd167982C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll5dc0802e-8725-11e4-9cc0-38b1db96f6a2

    Error: (12/18/2014 06:18:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753116001d01b321106fdfbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll51bd6a92-8725-11e4-9cc0-38b1db96f6a2

    Error: (12/18/2014 05:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c000000500038e19b7801d01b28eeae6839C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2e5af8f1-871c-11e4-9cc0-38b1db96f6a2

    Error: (12/18/2014 00:11:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753137001d01a9a34b499f6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll7445cb62-868d-11e4-9cc0-38b1db96f6a2

    Error: (12/18/2014 00:11:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753e6801d01a98f951ce1fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll6ea43ba9-868d-11e4-9cc0-38b1db96f6a2

    Error: (12/18/2014 00:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17041531807e4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75365401d01a98745f57e4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll3066a95d-868c-11e4-9cc0-38b1db96f6a2

    Error: (12/17/2014 11:54:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 11:40:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2014 11:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TOASTER.EXE1.0.1.2215361e87cKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f172c01d01a8de557e0c7C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\Windows\syswow64\KERNELBASE.dlled6ed7db-8684-11e4-ac02-38b1db96f6a2

    Error: (12/17/2014 11:10:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: TOASTER.EXE
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    Stack:
    at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
    at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Threading.Dispatcher.Run()
    at System.Windows.Application.RunDispatcher(System.Object)
    at System.Windows.Application.RunInternal(System.Windows.Window)
    at System.Windows.Application.Run(System.Windows.Window)
    at Toaster.App.Main()


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 15%
    Total physical RAM: 16300.93 MB
    Available physical RAM: 13831.7 MB
    Total Pagefile: 32600.05 MB
    Available Pagefile: 28859.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:732.75 GB) NTFS
    Drive y: (RECOVERY) (Fixed) (Total:24.22 GB) (Free:13.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: FA4DACB7)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-12-18 18:38:56
    -----------------------------
    18:38:56.112 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:38:56.112 Number of processors: 8 586 0x3C03
    18:38:56.112 ComputerName: KUNZFAMILY-PC UserName: Kunz Family
    18:38:57.485 Initialize success
    18:38:57.750 VM: initialized successfully
    18:38:57.750 VM: Intel CPU supported
    18:38:59.509 VM: disk I/O iaStorA.sys
    18:39:48.918 AVAST engine defs: 14121701
    18:40:16.093 The log file has been saved successfully to "C:\Users\Kunz Family\Desktop\aswMBR.txt"



    --- Report generated: 2014-12-18 20:12 ---

    Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, fixed)
    C:\END
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Conduit.SearchProtect: [SBI $C559C1BC] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect\Environment

    Conduit.SearchProtect: [SBI $746A4EE2] Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect

    Conduit.SearchProtect: [SBI $0356CF55] Uninstall settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

    Conduit.SearchProtect: [SBI $F4050CA9] Data (File, fixed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
    Properties.size=122254
    Properties.md5=BEA6C9C188929B10D3F3EB5F1FE162EB
    Properties.filedate=1418961940
    Properties.filedatetext=2014-12-18 20:05:40

    Conduit.SearchProtect: [SBI $453597EC] Data (File, fixed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
    Properties.size=2264
    Properties.md5=05BAB04F3E8E1D24CCA96A7A9B89B0AB
    Properties.filedate=1418960974
    Properties.filedatetext=2014-12-18 19:49:34

    Conduit.SearchProtect: [SBI $469E3ED0] Application data folder (Directory, fixing failed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\rep\

    Conduit.SearchProtect: [SBI $192A837B] Application data folder (Directory, fixing failed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\SearchProtect\

    Conduit.SearchProtect: [SBI $0235E586] Data (File, fixed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
    Properties.size=5470
    Properties.md5=88C861284791D6253784351E9E828078
    Properties.filedate=1418960927
    Properties.filedatetext=2014-12-18 19:48:47

    Conduit.SearchProtect: [SBI $55B42006] Application data folder (Directory, fixing failed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\UI\rep\

    Conduit.SearchProtect: [SBI $6699FFBE] Application data folder (Directory, fixing failed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\UI\

    Conduit.SearchProtect: [SBI $CA1A24DA] Application data folder (Directory, fixing failed)
    C:\Users\Kunz Family\AppData\Local\SearchProtect\

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
    Properties.size=2240
    Properties.md5=C823284831366AA9C82971F73F434786
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
    Properties.size=2328
    Properties.md5=AC8DD5EDC8AE4732C973ADEAF5960644
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
    Properties.size=2348
    Properties.md5=9AD3CA0D9B9F398BF00205E248F28803
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png
    Properties.size=9731
    Properties.md5=DE5773B4CF6F2071E7E7C6EA462D5B94
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
    Properties.size=11390
    Properties.md5=A8216737C79E710DD25848314772E411
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
    Properties.size=35253
    Properties.md5=CFA7C517FFC17A48DBF5AD101550ED9F
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png
    Properties.size=31085
    Properties.md5=47CD216C5F869CB8FC9F33C200598D28
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
    Properties.size=9918
    Properties.md5=BE41660B7A656925FEC4E1AE165DECC2
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
    Properties.size=12299
    Properties.md5=C4C7D57EE9AEEC4AF65EA156D296273D
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
    Properties.size=9198
    Properties.md5=544502EE9525EF4AC2ECA21E245F0824
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
    Properties.size=16798
    Properties.md5=1E304DD7B0EACE57B19FF10ACBE2F498
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
    Properties.size=1256
    Properties.md5=610708A0FDF2E03669771524E5A6F11A
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
    Properties.size=933
    Properties.md5=127A8ACFAAE51661CE155A1371816E1F
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
    Properties.size=1065
    Properties.md5=215653C3BAF2F6890AE676A0A0B03677
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
    Properties.size=1364
    Properties.md5=2DD758697096D542B449DDB3A4050831
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
    Properties.size=378
    Properties.md5=1B8A6B986EFD5BA8E80D480B8E4A98ED
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
    Properties.size=360
    Properties.md5=77A1019ED61C81C13AE27AEBC4C4D325
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
    Properties.size=274
    Properties.md5=77C3E90B2A59B6B12F3807958C1A3169
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
    Properties.size=1264
    Properties.md5=58F653D35176784E2D3C47C654DC2F60
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
    Properties.size=1405
    Properties.md5=E8749086079E532A3D12D083E4718F7E
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
    Properties.size=2993
    Properties.md5=18392D827455EE4A547E2DFC687C4D2F
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png
    Properties.size=1119
    Properties.md5=4A9F530F4FAD7130AFF554248281DD83
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
    Properties.size=1038
    Properties.md5=0C8C517B9B2FED409F630F5FEE55CD9A
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
    Properties.size=1049
    Properties.md5=710C8790BF108AF58251A8E414DDF7CA
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png
    Properties.size=256
    Properties.md5=5B809317B81900CA4FF352B39161D873
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
    Properties.size=1339
    Properties.md5=57119B0CE24F56043CB53394D3290EAC
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
    Properties.size=424
    Properties.md5=26742402965AA8F6EBCE440BBD118092
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
    Properties.size=1014
    Properties.md5=C5884E1F373AB89BFD88DA93DD577CDA
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
    Properties.size=3264
    Properties.md5=48F60B7BBB12D535976714CA2F374982
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
    Properties.size=1553
    Properties.md5=D5E082CFDA8E92321F066CE6C5379C97
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
    Properties.size=1715
    Properties.md5=25959ED83887BA9C19564D9D010C8BA9
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
    Properties.size=859
    Properties.md5=27C663405BB327722461F06C1BA22C64
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
    Properties.size=886
    Properties.md5=D2FE1CACCAF82BE2E35CD19600A4CF2B
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
    Properties.size=1257
    Properties.md5=F2D744A1FE7886B67370B957F0CEBE87
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png
    Properties.size=10831
    Properties.md5=9C4ECF528EE9DA00C71EE5E8EC462C85
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
    Properties.size=1198
    Properties.md5=395D79FF1D175BEDD626F0F89C51E648
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png
    Properties.size=1214
    Properties.md5=52B857BDAA5E394BFA9BED9057230E34
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $622B3442] Picture (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png
    Properties.size=1332
    Properties.md5=82447070E0073012E0AE56D1672ACA50
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $262BC338] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\

    Conduit.SearchProtect: [SBI $6E58973D] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
    Properties.size=983
    Properties.md5=DFACEA71B332DF9FB7E29EADB83DAA3A
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $E38C360B] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
    Properties.size=1909
    Properties.md5=07CA109D1DF3233F39024A8DBFFE5288
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $AF06A4D6] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
    Properties.size=93868
    Properties.md5=DDB84C1587287B2DF08966081EF063BF
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $B173AB3C] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
    Properties.size=2780
    Properties.md5=18C47581E22A53E0985F6704BB9EB607
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $BADBFC66] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js
    Properties.size=10183
    Properties.md5=785C8B4A891E023382846CF5D161309C
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $B664B453] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\

    Conduit.SearchProtect: [SBI $FD2E0A4B] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
    Properties.size=1001
    Properties.md5=C1E325669CB79867D5F4245FC258EE1D
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $D47DA58B] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css
    Properties.size=4702
    Properties.md5=821A41013EAD400C3494E351F487B275
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $EF996C3D] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html
    Properties.size=2716
    Properties.md5=32A9516526C400FB0E22E6FFA0408346
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $DA42438A] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js
    Properties.size=7173
    Properties.md5=398B662133BAA40EC6BD693E2A228C56
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $030516D0] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\

    Conduit.SearchProtect: [SBI $1DECA8D6] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
    Properties.size=1289
    Properties.md5=13806AE12A0142A4CB2A49E82EB0AA26
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $3A99343D] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
    Properties.size=4702
    Properties.md5=821A41013EAD400C3494E351F487B275
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $CD759E15] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
    Properties.size=2720
    Properties.md5=F215F27D43AE0771D819BC0FAA49EABB
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $30B2D988] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
    Properties.size=7173
    Properties.md5=398B662133BAA40EC6BD693E2A228C56
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $3C999955] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\

    Conduit.SearchProtect: [SBI $61C396D3] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
    Properties.size=1298
    Properties.md5=69C57354508E008C657AEEAB5B5BFEC0
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $66FF6A61] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css
    Properties.size=8098
    Properties.md5=F746C1780347AF1D9788993220EF26B4
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $AFF4E594] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html
    Properties.size=12470
    Properties.md5=B221792A54E32107A0B0D780E5E96364
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $E5868133] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js
    Properties.size=11919
    Properties.md5=4610E3F24E6A5F56341D8E5A8AF160A6
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $4CD5CF39] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\

    Conduit.SearchProtect: [SBI $FF5DF880] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
    Properties.size=1282
    Properties.md5=6CE7902671165788C0CA77493823382B
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $881968A8] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
    Properties.size=5128
    Properties.md5=5C22B9DCDACCF9134C977C70C87BB27F
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $4DA27982] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
    Properties.size=5142
    Properties.md5=8CA3499C13EEC4005287DE1B65556D86
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $0DE56431] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
    Properties.size=5912
    Properties.md5=1C4BD43884084DD89320FB9E11674AA3
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $27868D8A] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\

    Conduit.SearchProtect: [SBI $61720960] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html
    Properties.size=8028
    Properties.md5=262CCFCF73EA43FB516F909EB68EFFA3
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $AB043D30] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css
    Properties.size=7233
    Properties.md5=088C8DDE12AE5FE84D9CF82BE075B070
    Properties.filedate=1418223814
    Properties.filedatetext=2014-12-10 07:03:34

    Conduit.SearchProtect: [SBI $25FEE4AE] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\dialogs\

    Conduit.SearchProtect: [SBI $36A947DC] Program directory (Directory, fixed)
    C:\Program Files (x86)\SearchProtect\UI\rep\

    Conduit.SearchProtect: [SBI $C12F11B8] Executable (File, fixed)
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    Properties.size=3478168
    Properties.md5=07BA1EED46F86E52923D6C245357402C
    Properties.filedate=1418223832
    Properties.filedatetext=2014-12-10 07:03:52

    Conduit.SearchProtect: [SBI $BBEBD6F8] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\bin\

    Conduit.SearchProtect: [SBI $12BC161B] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\UI\

    Conduit.SearchProtect: [SBI $0FD70B5A] Data (File, fixed)
    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat
    Properties.size=48030
    Properties.md5=3BBA2AF841102B6E40F179F3A5393E03
    Properties.filedate=1418960902
    Properties.filedatetext=2014-12-18 19:48:21

    Conduit.SearchProtect: [SBI $BE9A1AC2] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\Main\rep\

    Conduit.SearchProtect: [SBI $51A9D386] Executable (File, fixed)
    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    Properties.size=3320640
    Properties.md5=A3D330A00796CC99BF355B16FF4DFF74
    Properties.filedate=1418223832
    Properties.filedatetext=2014-12-10 07:03:52

    Conduit.SearchProtect: [SBI $5D253DB2] Executable (File, fixed)
    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe
    Properties.size=1194576
    Properties.md5=6D6956FDD38BF2C1A76225A828B5F783
    Properties.filedate=1418223860
    Properties.filedatetext=2014-12-10 07:04:20

    Conduit.SearchProtect: [SBI $B4A74870] Library (File, fixed)
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll
    Properties.size=2910360
    Properties.md5=8A9C29F5A36F2BCECC87DCCC8F32ADCA
    Properties.filedate=1418223832
    Properties.filedatetext=2014-12-10 07:03:52

    Conduit.SearchProtect: [SBI $33D88BE6] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\Main\bin\

    Conduit.SearchProtect: [SBI $7BFC40F6] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\Main\

    Conduit.SearchProtect: [SBI $9BBE9398] Program directory (Directory, fixed)
    C:\Program Files (x86)\SearchProtect\SearchProtect\rep\

    Conduit.SearchProtect: [SBI $715267E7] Executable (File, fixed)
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    Properties.size=5853848
    Properties.md5=1C8964CBD8CEDE4E88A0032D67A9747F
    Properties.filedate=1418223832
    Properties.filedatetext=2014-12-10 07:03:52

    Conduit.SearchProtect: [SBI $D56375D8] Executable (File, fixed)
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe
    Properties.size=1776448
    Properties.md5=A518767B7887E462FDBF7CC9676411A7
    Properties.filedate=1418223834
    Properties.filedatetext=2014-12-10 07:03:54

    Conduit.SearchProtect: [SBI $16FC02BC] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\

    Conduit.SearchProtect: [SBI $B28BEB4C] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\SearchProtect\

    Conduit.SearchProtect: [SBI $61B05016] Text file (File, fixed)
    C:\Program Files (x86)\SearchProtect\EULA.txt
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Conduit.SearchProtect: [SBI $D161A3CC] Program directory (Directory, fixing failed)
    C:\Program Files (x86)\SearchProtect\

    Win32.Agent.wln: [SBI $888C505D] Executable (File, fixed)
    C:\Users\Kunz Family\winlogon.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    Thanks for any help

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi Kunzie,

    First we will stop a service, remove a proxy setting then get some downloads to use.

    1) Go to Start and in the search field type in services.msc
    Click Enter. The Windows Service panel will open.
    Under the Name column look for: sJMJqtqOYtM
    Right click on it and select Properties
    Under Startup type change to Disabled
    For Service status: click on the Stop button
    Click Apply/OK to back out.

    Open IE, click on the gear-looking icon and find Internet Options, or look under Tools > Internet Options > Connections tab > LAN settings.
    Under proxy server, remove the checkmark.

    2) Reboot your machine. Next you can get two downloads that will target adware:

    Please download Adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt


    Please download Junkware Removal Tool to your desktop.

    http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

    Let's see what those drag up and we will move on from there.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Dec 2014
    Posts
    4

    Thanks for the quick reply. Just a few notes on the steps so far. I am not an expert so I am not sure if any of these observations matter.

    1. In addition to the browser hijackers I mention in my original title, I have also noted that a small window pops up in the lower right corner of IE window whenever I click on items in the IE window. It is called "piwik analytics". I am not sure what this is or if it is malware. It is slightly annoying to see it every time I click.

    2. When I disabled that process under service.msc, it did not allow me to click stop. None of the buttons were available for me to click. They were all greyed out. When I rebooted, I opened services.msc again and confirmed it was disabled and it said it was stopped as well.

    3. I disabled IE proxy setting but when I rebooted it reset itself and when I was trying to DL JRT, I had to disable it again to DL JRT. When I rebooted again, I checked the IE settings, and proxy remained UNCHECKED.

    Like I said, none of this may matter to the experts but I thought I would pass on my observations. Now to the logs:

    # AdwCleaner v4.105 - Report created 19/12/2014 at 09:10:24
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-16.1 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Kunz Family - KUNZFAMILY-PC
    # Running from : C:\Users\Kunz Family\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : APNMCP
    Service Deleted : CltMngSvc
    Service Deleted : SPPD

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Users\KUNZFA~1\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
    Folder Deleted : C:\Users\Kunz Family\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Public\Util
    File Deleted : C:\Users\Public\Desktop\eBay.lnk

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentExplorer]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    Key Deleted : HKCU\Software\AskPartnerNetwork
    Key Deleted : HKCU\Software\ContentExplorer
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500}
    Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v

    [8zilnfe2.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4[...]

    *************************

    AdwCleaner[R0].txt - [4841 octets] - [19/12/2014 09:09:22]
    AdwCleaner[S0].txt - [4460 octets] - [19/12/2014 09:10:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4520 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Professional x64
    Ran by Kunz Family on Fri 12/19/2014 at 9:19:17.85
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\pcdr"
    Successfully deleted: [Folder] "C:\Users\Kunz Family\AppData\Roaming\pcdr"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 12/19/2014 at 9:21:54.21
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thanks again,

    Kunzie

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi,

    OK, it's a good start. Thanks for the info. Look in your add/remove programs panel and uninstall any of these if you see them listed; if they're not there, don't worry about it.


    Client Connect LTD
    SearchProtect
    Ask
    Ask Toolbar
    Search App by Ask
    SystemOptimizerPro
    Orbiter
    WebGuard

    Once you're done with all the uninstalls, reboot your machine.

    Next we will use FRST:

    Open notepad. Please copy the contents of the code box below into notepad:

    Code:
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [ContentExplorer] => C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-12-17] (ContentExplorer)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=H...19360&tsp=4956
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.doko-search.com/?babsrc=H...19360&tsp=4956
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT332...82B5855A&SSPV=
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013021104234208&tb_oid=11-02-2013
    &tb_mrud=11-02-2013
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {5462F4F1-2DD2-40F6-800F-BCF9E49E9D97} URL = 
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=996B3890-D438-45E6-86FE-F103B0E234FE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17041&doi=2014-12-19&trgb=IE&q={searchTerms}&psv=&pt=tb
    BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=|hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
    R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-12-17] (Client Connect LTD)
    C:/Program Files (x86)/ORBTR/orbiter.dll
    R2 sJMJqtqOYtM; C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe [2726248 2014-12-17] (Interesting Solutions)
    C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe
    2014-12-18 17:13 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
    2014-12-17 23:32 - 2014-12-17 23:39 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\yQTmyhbhY
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\ContentExplorer
    2014-12-17 23:09 - 2014-12-17 23:29 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\WebGuard
    2014-12-17 23:09 - 2014-12-17 23:13 - 00000000 ____D () C:\Program Files\WebBar
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\WebGuard
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\ORBTR
    C:\Users\Kunz Family\acrobatreader.exe
    C:\Users\Kunz Family\alg22847.exe
    C:\Users\Kunz Family\chrome.exe
    C:\Users\Kunz Family\conhost.exe
    C:\Users\Kunz Family\csrss.exe
    C:\Users\Kunz Family\csrss877129.exe
    C:\Users\Kunz Family\firefox483107.exe
    C:\Users\Kunz Family\flashplayer.exe
    C:\Users\Kunz Family\googleupdate.exe
    C:\Users\Kunz Family\icq.exe
    C:\Users\Kunz Family\java.exe
    C:\Users\Kunz Family\jqs.exe
    C:\Users\Kunz Family\msconfig.exe
    C:\Users\Kunz Family\mstsc.exe
    C:\Users\Kunz Family\notepad.exe
    C:\Users\Kunz Family\notepad536161.exe
    C:\Users\Kunz Family\spoolsv.exe
    C:\Users\Kunz Family\spoolsv832448.exe
    C:\Users\Kunz Family\teamviewer.exe
    C:\Users\Kunz Family\teamviewer464293.exe
    C:\Users\Kunz Family\windowsupdate886035.exe
    C:\Users\Kunz Family\winlogon.exe
    C:\Users\Kunz Family\winlogon653616.exe
    C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
    C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe
    EmptyTemp:

    To do this, highlight the contents of the box, right click on it and select copy. Then right click and paste into the open notepad.
    Save it on the Desktop as fixlist.txt

    Run FRST again like before except this time: press the Fix button just once and wait.
    The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

    After the above:
    Two more downloads to get, one to fix the proxy issue. The other is a free malware tool you can keep and use.

    1) Download
    http://www.bleepingcomputer.com/down...toolbox/dl/65/

    Checkmark the following boxes:

    Reset IE Proxy Settings
    Reset FF Proxy Settings
    Click Go and post the log.

    2) Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

    http://data-cdn.mbamupdates.com/v2/m...2.0.3.1025.exe


    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
    Launch Malwarebytes Anti-Malware
    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
    'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

    That should put a big dent in everything. Post the logs and we will go from there.
    How Can I Reduce My Risk?
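
A read-only way to confirm, after each reboot, that the items targeted in the posts above (the service and proxy setting from post #2, the Run values and AppInit_DLLs from the fixlist) have stayed gone. This is an added PowerShell example, not part of any post and not output of the tools used in the thread; it assumes it is run by the affected user, and the service name, Run value names and SearchProtect folder are taken from the logs above.

```powershell
# Added example: read-only audit. It reports state and changes nothing.
# Run it as the affected user from a 64-bit PowerShell prompt so that
# HKCU is that user's hive and both 64-bit and 32-bit HKLM views are read.

# Names taken from the logs in this thread.
$serviceName = 'sJMJqtqOYtM'
$runValues   = @('ApnTBMon', 'ContentExplorer')
$dllPattern  = 'SearchProtect'   # AppInit_DLLs entries pointed into this folder

function New-Finding($Check, $Location, $State, $Detail) {
    New-Object PSObject -Property @{
        Check = $Check; Location = $Location; State = $State; Detail = $Detail
    }
}

$findings = @()

# 1. The randomly named service: should be absent, or at least Disabled and Stopped.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if ($svc) {
    $state = if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') { 'Contained' } else { 'ACTIVE' }
    $findings += New-Finding 'Service' $serviceName $state "$($svc.StartMode)/$($svc.State) $($svc.PathName)"
} else {
    $findings += New-Finding 'Service' $serviceName 'Clean' 'not registered'
}

# 2. Per-user proxy (the LAN settings checkbox in Internet Options).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    $findings += New-Finding 'Proxy' $inetKey 'ACTIVE' "ProxyServer=$($inet.ProxyServer)"
} else {
    $findings += New-Finding 'Proxy' $inetKey 'Clean' 'ProxyEnable is 0 or unset'
}
if ($inet -and $inet.AutoConfigURL) {
    $findings += New-Finding 'Proxy' $inetKey 'REVIEW' "AutoConfigURL=$($inet.AutoConfigURL)"
}

# 3. AppInit_DLLs in both registry views (DLLs listed here load into most GUI processes).
$winKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $winKeys) {
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if (-not "$value".Trim()) {
        $findings += New-Finding 'AppInit_DLLs' $key 'Clean' 'empty'
    } elseif ($value -match $dllPattern) {
        $findings += New-Finding 'AppInit_DLLs' $key 'ACTIVE' $value
    } else {
        # Not one of the thread's entries, but anything listed here deserves a look.
        $findings += New-Finding 'AppInit_DLLs' $key 'REVIEW' $value
    }
}

# 4. Run values named in the fixlist.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $hits = @()
    foreach ($name in $runValues) {
        if ($props -and $props.$name) { $hits += "$name=$($props.$name)" }
    }
    if ($hits.Count -gt 0) {
        $findings += New-Finding 'Run' $key 'ACTIVE' ($hits -join '; ')
    } else {
        $findings += New-Finding 'Run' $key 'Clean' 'none of the listed values present'
    }
}

$findings | Select-Object Check, State, Location, Detail | Format-Table -AutoSize -Wrap
```

Any row marked ACTIVE after a reboot means something is still rewriting that setting, which is the situation the proxy checkbox showed in post #3.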

  5. #5
    Junior Member
    Join Date
    Dec 2014
    Posts
    4

    Ok here's what I got

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
    Ran by Kunz Family at 2014-12-19 11:53:05 Run:1
    Running from C:\Users\Kunz Family\Desktop
    Loaded Profile: Kunz Family (Available profiles: Kunz Family)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\...\Run: [ContentExplorer] => C:\Users\Kunz Family\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680 2014-12-17] (ContentExplorer)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=H...19360&tsp=4956
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.doko-search.com/?babsrc=H...19360&tsp=4956
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT332...82B5855A&SSPV=
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013021104234208&tb_oid=11-02-2013
    &tb_mrud=11-02-2013
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=58&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {5462F4F1-2DD2-40F6-800F-BCF9E49E9D97} URL =
    SearchScopes: HKU\S-1-5-21-265481619-2286802819-923454813-1001 -> {6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=996B3890-D438-45E6-86FE-F103B0E234FE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17041&doi=2014-12-19&trgb=IE&q={searchTerms}&psv=&pt=tb
    BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3A5ADD2A-7002-49D8-B0F2-6370A8592005&SearchSource=55&CUI=&UM=8&UP=SP57DD9C7C-845B-41D6-B8C4-3FB482B5855A&SSPV=|hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=38C800FFB0BB1408&affID=119360&tsp=4956
    R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-12-17] (Client Connect LTD)
    C:/Program Files (x86)/ORBTR/orbiter.dll
    R2 sJMJqtqOYtM; C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe [2726248 2014-12-17] (Interesting Solutions)
    C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe
    2014-12-18 17:13 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
    2014-12-18 17:12 - 2014-12-18 17:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
    2014-12-17 23:32 - 2014-12-17 23:39 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\yQTmyhbhY
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\Users\Kunz Family\AppData\Roaming\ContentExplorer
    2014-12-17 23:09 - 2014-12-17 23:29 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\WebGuard
    2014-12-17 23:09 - 2014-12-17 23:13 - 00000000 ____D () C:\Program Files\WebBar
    2014-12-17 23:09 - 2014-12-17 23:09 - 00000000 ____D () C:\ProgramData\WebGuard
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Users\Kunz Family\AppData\Local\SearchProtect
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-12-17 23:08 - 2014-12-17 23:08 - 00000000 ____D () C:\Program Files (x86)\ORBTR
    C:\Users\Kunz Family\acrobatreader.exe
    C:\Users\Kunz Family\alg22847.exe
    C:\Users\Kunz Family\chrome.exe
    C:\Users\Kunz Family\conhost.exe
    C:\Users\Kunz Family\csrss.exe
    C:\Users\Kunz Family\csrss877129.exe
    C:\Users\Kunz Family\firefox483107.exe
    C:\Users\Kunz Family\flashplayer.exe
    C:\Users\Kunz Family\googleupdate.exe
    C:\Users\Kunz Family\icq.exe
    C:\Users\Kunz Family\java.exe
    C:\Users\Kunz Family\jqs.exe
    C:\Users\Kunz Family\msconfig.exe
    C:\Users\Kunz Family\mstsc.exe
    C:\Users\Kunz Family\notepad.exe
    C:\Users\Kunz Family\notepad536161.exe
    C:\Users\Kunz Family\spoolsv.exe
    C:\Users\Kunz Family\spoolsv832448.exe
    C:\Users\Kunz Family\teamviewer.exe
    C:\Users\Kunz Family\teamviewer464293.exe
    C:\Users\Kunz Family\windowsupdate886035.exe
    C:\Users\Kunz Family\winlogon.exe
    C:\Users\Kunz Family\winlogon653616.exe
    C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe
    C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe
    EmptyTemp:
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => Value not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data not found.
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value not found.
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value not found.
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
    "HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
    &tb_mrud=11-02-2013 => Error: No automatic fix found for this entry.
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value not found.
    "HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
    "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
    "HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5462F4F1-2DD2-40F6-800F-BCF9E49E9D97}" => Key deleted successfully.
    "HKCR\CLSID\{5462F4F1-2DD2-40F6-800F-BCF9E49E9D97}" => Key not found.
    "HKU\S-1-5-21-265481619-2286802819-923454813-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9}" => Key not found.
    "HKCR\CLSID\{6C26CBEB-1AFB-47A8-A79D-F3B8E62839A9}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
    "HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
    "HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
    Firefox homepage deleted successfully.
    Orbiter => Service not found.
    C:/Program Files (x86)/ORBTR/orbiter.dll => Error: No automatic fix found for this entry.
    sJMJqtqOYtM => Service deleted successfully.
    C:\ProgramData\yQTmyhbhY\sJMJqtqOYtM.exe => Moved successfully.
    "C:\Users\Kunz Family\AppData\Local\AskPartnerNetwork" => File/Directory not found.
    "C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
    "C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
    C:\Users\Kunz Family\AppData\Roaming\Enigma Software Group => Moved successfully.
    C:\ProgramData\yQTmyhbhY => Moved successfully.
    "C:\Users\Kunz Family\AppData\Local\SearchProtect" => File/Directory not found.
    C:\Users\Kunz Family\AppData\Roaming\ContentExplorer => Moved successfully.
    C:\Users\Kunz Family\AppData\Local\WebGuard => Moved successfully.
    C:\Program Files\WebBar => Moved successfully.
    C:\ProgramData\WebGuard => Moved successfully.
    "C:\Users\Kunz Family\AppData\Local\SearchProtect" => File/Directory not found.
    "C:\Program Files (x86)\SearchProtect" => File/Directory not found.
    "C:\Program Files (x86)\ORBTR" => File/Directory not found.
    C:\Users\Kunz Family\acrobatreader.exe => Moved successfully.
    C:\Users\Kunz Family\alg22847.exe => Moved successfully.
    C:\Users\Kunz Family\chrome.exe => Moved successfully.
    C:\Users\Kunz Family\conhost.exe => Moved successfully.
    C:\Users\Kunz Family\csrss.exe => Moved successfully.
    C:\Users\Kunz Family\csrss877129.exe => Moved successfully.
    C:\Users\Kunz Family\firefox483107.exe => Moved successfully.
    C:\Users\Kunz Family\flashplayer.exe => Moved successfully.
    C:\Users\Kunz Family\googleupdate.exe => Moved successfully.
    C:\Users\Kunz Family\icq.exe => Moved successfully.
    C:\Users\Kunz Family\java.exe => Moved successfully.
    C:\Users\Kunz Family\jqs.exe => Moved successfully.
    C:\Users\Kunz Family\msconfig.exe => Moved successfully.
    C:\Users\Kunz Family\mstsc.exe => Moved successfully.
    C:\Users\Kunz Family\notepad.exe => Moved successfully.
    C:\Users\Kunz Family\notepad536161.exe => Moved successfully.
    C:\Users\Kunz Family\spoolsv.exe => Moved successfully.
    C:\Users\Kunz Family\spoolsv832448.exe => Moved successfully.
    C:\Users\Kunz Family\teamviewer.exe => Moved successfully.
    C:\Users\Kunz Family\teamviewer464293.exe => Moved successfully.
    C:\Users\Kunz Family\windowsupdate886035.exe => Moved successfully.
    "C:\Users\Kunz Family\winlogon.exe" => File/Directory not found.
    C:\Users\Kunz Family\winlogon653616.exe => Moved successfully.
    "C:\Users\Kunz Family\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
    C:\Users\Kunz Family\AppData\Local\Temp\ose00000.exe => Moved successfully.
    EmptyTemp: => Removed 386.8 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    MiniToolBox by Farbar Version: 30-11-2014
    Ran by Kunz Family (administrator) on 19-12-2014 at 12:02:20
    Running from "C:\Users\Kunz Family\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.


    **** End of log ****

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/19/2014
    Scan Time: 12:08:18 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.18.05
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Kunz Family

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 338419
    Time Elapsed: 19 min, 14 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.Ask.A, HKU\S-1-5-21-265481619-2286802819-923454813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [f825ff64aad2112510358e43fe049e62],
    PUP.Optional.Ask.A, HKU\S-1-5-21-265481619-2286802819-923454813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [f825ff64aad2112510358e43fe049e62],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [9d80f46fd3a9a690f65fdaf6b74dae52],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [62bb560d4f2d053165efdbf50103de22],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 5
    PUP.Optional.ClientConnect, C:\Users\Kunz Family\Downloads\Setup_TSV28IZT6.exe, Quarantined, [a97489dae79592a433381aa3f8098c74],
    PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, Quarantined, [2fee99cae29a280e47394862738ec13f],
    PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, Quarantined, [a17cf073e498b284ccb45654738e58a8],
    PUP.Optional.Delta.A, C:\Users\Kunz Family\Desktop\Old Firefox Data\extensions\ffxtlbr@delta.com\uninstall.exe, Quarantined, [b16c3231502c0a2c33dea5e91fe2d52b],
    PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [908d89dad0ac72c471e76967c0443cc4],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Thanks again for all your help so far.

    Kunzie

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok good. Reset FF and IE back to their defaults:

    IE: With IE open: Tools>Internet Options>Advanced tab: click the Reset button

    FF: With FF open: Help>Troubleshooting information> Reset Firefox

    How's it looking now on your end?
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Dec 2014
    Posts
    4

    Default

    No more browser hijacking with the "trovi" or "doko" and no more piwiks analytics thing popping up in the lower right corner. Browser speed seems a lot better too. It seems fixed from my perspective. Now the task of keeping it that way.

    Thanks again, I look forward to your next reply which, after reading A LOT of other threads, I suspect will be the cleanup and preventative suggestions.

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok you're welcome. One more download that will remove the tools we used then delete itself. Anything it may miss you can delete yourself.
    Keep Malwarebytes to use as antimalware app.

    Please download Delfix.exe and save it to your desktop.
    https://toolslib.net/downloads/viewdownload/2-delfix/
    Right click and select "run as admin" check: "Remove disinfection tools" and click on the Run button.
    The tool will delete itself once it finishes. You can delete the log it generates.

    I can tell you that 98% of the stuff we removed was the result of installing software. Software that's questionable to begin with and bundled with third party add ons.

    Prevention: I have some tips on my web page in the link below. See the section "know what your installing"

    Happy safe surfing out there.
    How Can I Reduce My Risk?
