Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan dot Dealply [Solved]

Started by PittPewee , Jul 21 2015 10:38 AM

  • This topic is locked This topic is locked

#1
PittPewee
Posted 21 July 2015 - 10:38 AM

PittPewee

    Member

  • Member
  • PipPip
  • 14 posts

Hello, I typed windstream.net into my chrome browser and a page opened that alerted me to trojan dot Dealply. There was an annoying noise and a Norton logo, along with a phone number to call. I could not close the page, so I called and allowed my computer to be analyzed and was told to buy network protection. I decided to go to task manager and closed all of the open windows.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Huber Desktop (administrator) on HUBERDESKTOP-PC on 21-07-2015 12:20:59
Running from C:\Users\Huber Desktop\Desktop
Loaded Profiles: Huber Desktop (Available Profiles: Huber Desktop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dlcxcoms.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
() C:\Users\Huber Desktop\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dropbox, Inc.) C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Callaway) C:\Program Files (x86)\Callaway\upro sync\UPROsync.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.7.0\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2563472 2015-07-16] ()
HKLM-x32\...\Run: [uProWebSync] => C:\Program Files (x86)\Callaway\upro sync\UPROsync.exe [764928 2012-09-13] (Callaway)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\...\Run: [Amazon Music] => C:\Users\Huber Desktop\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\...\Run: [Dropbox Update] => C:\Users\Huber Desktop\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Huber Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-08-2914:05:22&v=18.7.0.147&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000 -> DefaultScope {F1D6D8B8-D23A-41C0-AAC8-9CA2819BBA8B} URL = 
SearchScopes: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-08-2914:05:22&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000 -> {F1D6D8B8-D23A-41C0-AAC8-9CA2819BBA8B} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.7.0.147\AVG SafeGuard toolbar_toolbar.dll [2015-07-16] (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll [2015-07-16] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{5B233DED-A192-4990-B3C6-ECD6B19E357C}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B873614E-A38B-42BE-97F6-AA55278BC884}: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (YouTube) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (Google Search) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (AVG SafeGuard) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (Gmail) - C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [561152 2006-10-11] ( )
R2 dlcx_device; C:\Windows\SysWOW64\dlcxcoms.exe [532480 2006-10-11] ( ) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1842576 2015-07-16] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-21 12:20 - 2015-07-21 12:21 - 00018721 _____ C:\Users\Huber Desktop\Desktop\FRST.txt
2015-07-21 12:20 - 2015-07-21 12:21 - 00000000 ____D C:\FRST
2015-07-21 12:03 - 2015-07-21 12:03 - 02135552 _____ (Farbar) C:\Users\Huber Desktop\Desktop\FRST64.exe
2015-07-21 10:47 - 2015-07-21 11:03 - 00000829 _____ C:\Users\Huber Desktop\Desktop\Ocean Walter.txt
2015-07-21 10:31 - 2015-07-21 10:31 - 00000000 ____D C:\Users\Huber Desktop\AppData\Roaming\TeamViewer
2015-07-20 13:04 - 2015-07-20 13:04 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-20 13:04 - 2015-07-20 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-20 13:03 - 2015-07-20 13:04 - 00000000 ____D C:\Program Files\iTunes
2015-07-20 13:03 - 2015-07-20 13:03 - 00000000 ____D C:\Program Files\iPod
2015-07-20 13:03 - 2015-07-20 13:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-15 14:54 - 2015-07-15 14:54 - 00001946 _____ C:\Users\Public\Desktop\DxO OpticsPro 10.lnk
2015-07-15 14:54 - 2015-07-15 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO OpticsPro 10
2015-07-15 14:54 - 2015-07-15 14:54 - 00000000 ____D C:\Program Files\DxO Labs
2015-07-15 03:13 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 03:13 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 03:13 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 03:13 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 03:13 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 03:13 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 03:13 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 03:13 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 03:13 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 03:13 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 03:13 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 03:13 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 03:13 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 03:13 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 03:13 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 03:13 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 03:13 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 03:13 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 03:13 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 03:13 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 03:13 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 03:13 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 03:13 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 03:13 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 03:13 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 03:13 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:13 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:13 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 03:13 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:13 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 03:12 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 03:12 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 03:12 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 03:12 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 03:12 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 03:12 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 03:12 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 03:12 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 03:12 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 03:12 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 03:12 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 03:12 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 03:12 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 03:12 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 03:12 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 03:12 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 03:12 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 03:12 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 03:12 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 03:12 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 03:12 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 03:12 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 03:12 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 03:12 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 03:12 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 03:12 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 03:12 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 03:12 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 03:12 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 03:12 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 03:12 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 03:12 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 03:12 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 03:12 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 03:12 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 03:12 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 03:12 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 03:12 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 03:12 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 03:12 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 03:12 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 03:12 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 03:12 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 03:12 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 03:10 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 03:10 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 03:10 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 03:10 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 03:10 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 03:10 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 03:10 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 03:10 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 03:10 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:10 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 03:10 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 03:10 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 03:10 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 03:10 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 03:10 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 03:10 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 03:10 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 03:10 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 03:10 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 03:10 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 03:10 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 03:10 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:10 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 03:10 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 03:10 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 03:10 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 03:10 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 03:10 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 03:10 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 03:10 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 03:10 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 03:10 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 03:10 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 03:10 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 03:10 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 03:10 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 03:10 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 03:10 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 03:10 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 03:10 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:10 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:10 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 03:10 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:10 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 03:10 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 03:10 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 03:10 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:10 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 03:10 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 03:10 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 03:10 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 03:10 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 03:10 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 03:10 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 03:10 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 03:10 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 03:10 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 03:10 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 03:10 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 03:10 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 03:10 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-13 09:36 - 2015-07-13 09:36 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-13 09:36 - 2015-07-13 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-13 09:36 - 2015-07-13 09:36 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-10 19:00 - 2015-07-10 19:00 - 00000000 ____D C:\Users\Huber Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-30 18:46 - 2015-06-30 18:46 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-25 19:41 - 2015-06-25 19:41 - 00027546 _____ C:\Users\Huber Desktop\Documents\Jury duty summons 2015.odt
2015-06-23 17:04 - 2015-07-20 17:12 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-23 17:04 - 2015-06-23 17:04 - 00004060 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-23 17:04 - 2015-06-23 17:04 - 00003248 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-23 17:04 - 2015-06-23 17:04 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-23 17:04 - 2015-06-23 17:04 - 00000000 ____D C:\Program Files\Dell Support Center
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-21 12:13 - 2013-08-30 12:58 - 01852530 _____ C:\Windows\WindowsUpdate.log
2015-07-21 12:12 - 2014-01-13 13:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 12:05 - 2015-06-19 11:18 - 00000950 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000UA.job
2015-07-21 12:00 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-21 12:00 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 11:48 - 2013-08-30 12:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-21 11:43 - 2014-01-16 12:34 - 00000000 ____D C:\ProgramData\MFAData
2015-07-20 20:05 - 2015-06-19 11:18 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000Core.job
2015-07-20 17:12 - 2014-01-13 13:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 13:03 - 2014-12-15 08:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 21:29 - 2014-07-11 16:10 - 00000000 ____D C:\Users\Huber Desktop\Desktop\Mike Stuff
2015-07-19 08:42 - 2014-06-16 10:04 - 00002612 ____H C:\Users\Huber Desktop\Documents\ZbThumbnail.info
2015-07-18 20:00 - 2015-06-19 11:18 - 00003936 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000UA
2015-07-18 20:00 - 2015-06-19 11:18 - 00003540 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000Core
2015-07-18 12:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 19:27 - 2014-08-29 14:05 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2015-07-16 06:16 - 2014-01-13 23:56 - 00000000 ____D C:\Program Files\Dl_cats
2015-07-16 06:16 - 2014-01-13 18:46 - 00000000 ___RD C:\Users\Huber Desktop\Dropbox
2015-07-16 06:16 - 2014-01-13 18:44 - 00000000 ____D C:\Users\Huber Desktop\AppData\Roaming\Dropbox
2015-07-16 06:16 - 2013-08-30 13:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-16 06:16 - 2013-08-30 13:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-16 06:16 - 2013-08-30 13:05 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-07-16 03:31 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 03:26 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 03:26 - 2009-07-14 00:51 - 00049458 _____ C:\Windows\setupact.log
2015-07-16 03:26 - 2009-07-14 00:45 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 03:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:24 - 2014-12-11 04:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:24 - 2014-05-09 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 03:06 - 2014-01-17 14:45 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 17:07 - 2014-01-13 13:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 17:07 - 2014-01-13 13:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 14:54 - 2014-12-25 16:47 - 00000000 ____D C:\ProgramData\DxO Labs
2015-07-15 14:53 - 2015-02-25 21:29 - 00000000 ____D C:\Users\Huber Desktop\Documents\DxO OpticsPro 10 crashes
2015-07-15 03:03 - 2013-08-30 13:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 03:01 - 2015-01-11 21:48 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-14 17:59 - 2013-08-30 12:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 17:59 - 2013-08-30 12:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 17:59 - 2013-08-30 12:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:01 - 2014-01-13 13:19 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 09:40 - 2015-04-13 12:33 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-06 18:21 - 2014-10-21 15:07 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-06 18:21 - 2014-03-31 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-03 08:43 - 2014-01-17 14:45 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 16:22 - 2014-06-24 16:25 - 00000000 ____D C:\Users\Huber Desktop\AppData\Local\Adobe
2015-06-30 18:46 - 2015-03-05 16:42 - 00003820 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-30 18:45 - 2015-03-05 16:42 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-24 18:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-23 17:04 - 2013-08-30 13:09 - 00000000 ____D C:\ProgramData\PCDr
2015-06-23 17:04 - 2013-08-30 13:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
 
==================== Files in the root of some directories =======
 
2015-05-03 13:09 - 2015-05-03 13:09 - 0003584 _____ () C:\Users\Huber Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-30 21:26 - 2014-09-30 21:26 - 1818176 _____ () C:\ProgramData\SPL2AE7.tmp
2015-03-04 04:18 - 2015-03-04 04:18 - 2661169 _____ () C:\ProgramData\SPL2B05.tmp
2015-02-26 04:18 - 2015-02-26 04:18 - 2661169 _____ () C:\ProgramData\SPL31C9.tmp
2015-02-23 23:34 - 2015-02-23 23:34 - 2661169 _____ () C:\ProgramData\SPL3CF0.tmp
2015-02-25 12:54 - 2015-02-25 12:54 - 2661169 _____ () C:\ProgramData\SPL448E.tmp
2015-04-02 03:23 - 2015-04-02 03:23 - 6506169 _____ () C:\ProgramData\SPL4836.tmp
2015-04-01 19:44 - 2015-04-01 19:44 - 9566612 _____ () C:\ProgramData\SPL64D0.tmp
2015-04-02 16:47 - 2015-04-02 16:47 - 6506169 _____ () C:\ProgramData\SPL719C.tmp
2014-10-30 22:04 - 2014-10-30 22:04 - 4798989 _____ () C:\ProgramData\SPL7AF4.tmp
2014-09-30 19:12 - 2014-09-30 19:12 - 5711720 _____ () C:\ProgramData\SPL84B2.tmp
2014-04-13 00:48 - 2014-04-13 00:48 - 2528574 _____ () C:\ProgramData\SPL906A.tmp
2015-02-20 19:22 - 2015-02-20 19:22 - 2661169 _____ () C:\ProgramData\SPLB52B.tmp
2014-09-30 21:12 - 2014-09-30 21:12 - 5711720 _____ () C:\ProgramData\SPLBE2F.tmp
2014-09-30 21:07 - 2014-09-30 21:07 - 5711720 _____ () C:\ProgramData\SPLBFF4.tmp
2015-02-14 20:43 - 2015-02-14 20:43 - 2661169 _____ () C:\ProgramData\SPLCEF.tmp
2014-09-30 20:51 - 2014-09-30 20:51 - 5711720 _____ () C:\ProgramData\SPLE9A2.tmp
2015-02-15 04:29 - 2015-02-15 04:29 - 2661169 _____ () C:\ProgramData\SPLEE54.tmp
 
Some files in TEMP:
====================
C:\Users\Huber Desktop\AppData\Local\Temp\dop10_splashscreen.dll
C:\Users\Huber Desktop\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphdikw3.dll
C:\Users\Huber Desktop\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Huber Desktop\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Huber Desktop\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Huber Desktop\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Huber Desktop\AppData\Local\Temp\jre-8u40-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-14 19:40
 
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Huber Desktop at 2015-07-21 12:21:28
Running from C:\Users\Huber Desktop\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1814905456-3194672661-2885556747-500 - Administrator - Disabled)
Guest (S-1-5-21-1814905456-3194672661-2885556747-501 - Limited - Disabled)
Huber Desktop (S-1-5-21-1814905456-3194672661-2885556747-1000 - Administrator - Enabled) => C:\Users\Huber Desktop
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.7.0.147 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version:  - Dell, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Dropbox (HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
DxO OpticsPro 10 (HKLM\...\{AB1F9A18-4645-48E4-9DA0-58B54A27759C}) (Version: 10.4.2 - DxO)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
UPRO sync (HKLM-x32\...\{2C1EE438-E60E-402B-ADA2-9849993A90DD}) (Version: 1.0.16 - Callaway Software Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
07-07-2015 20:36:03 Scheduled Checkpoint
15-07-2015 03:00:21 Windows Update
15-07-2015 14:52:29 Installed DxO OpticsPro 10
16-07-2015 03:00:20 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00715151-CE75-4925-B1E2-9EE46B1B3F2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {22EB6E70-2DCD-43FE-9898-CDB1679BAAF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {364C7B8A-DD24-4304-BDA7-10406EDBF003} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {37AFBD5D-1797-48F9-909A-F2580DFF237A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {4D70D0EB-0646-41D6-9FEF-0E23B9DD8201} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {54BB1D9E-5AF6-417F-9E1A-BB908BF7E8BD} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {555C757C-438C-49C3-B41A-2D0FF88109BA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000UA => C:\Users\Huber Desktop\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {7D12AEF4-74F5-4CF1-A1DE-091E49F96C8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {875B1A7F-F1E0-42F6-8A7E-453AD0DC0A37} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {99404370-B5C0-4605-BDA2-93AD7841EB29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C4EB9297-19CD-445D-9789-AD89D6AC070C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1814905456-3194672661-2885556747-1000
Task: {D358DEF1-2F8C-4702-99C5-1F2AD90C744B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {E6D47920-DFDB-406E-9321-165F8368D66E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000Core => C:\Users\Huber Desktop\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000Core.job => C:\Users\Huber Desktop\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1814905456-3194672661-2885556747-1000UA.job => C:\Users\Huber Desktop\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe--new-window.Huber Desktox
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-05-28 10:37 - 2006-10-20 00:39 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcxdrpp.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-13 23:50 - 2006-10-20 00:41 - 00134656 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxdrui.dll
2014-01-13 23:50 - 2006-10-20 20:31 - 00126464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxPRPR.DLL
2014-01-13 23:50 - 2006-09-06 05:13 - 00064000 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxCFG.DLL
2013-08-30 14:31 - 2011-12-15 18:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-28 10:37 - 2007-01-12 11:57 - 00292336 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
2014-05-28 10:37 - 2006-11-03 17:04 - 00304008 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
2014-11-27 13:39 - 2015-05-07 15:12 - 05886784 _____ () C:\Users\Huber Desktop\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-08-30 13:06 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-07-16 19:27 - 2015-07-16 19:27 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
2014-08-29 14:05 - 2015-07-16 19:27 - 02563472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2015-06-23 17:04 - 2015-05-19 21:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-06-23 17:04 - 2015-05-19 21:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2014-10-16 03:41 - 2014-10-16 03:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2013-08-30 13:02 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-08-30 13:01 - 2011-12-16 14:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-05-28 10:37 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll
2014-05-28 10:37 - 2006-09-06 05:13 - 00073728 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxcfg.dll
2014-05-28 10:37 - 2006-03-14 16:38 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxdrec.dll
2015-07-16 06:16 - 2015-07-16 06:16 - 00043008 _____ () c:\Users\Huber Desktop\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphdikw3.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00750080 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00047616 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00865280 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00200704 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00726016 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-16 19:27 - 2015-07-16 19:27 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll
2015-07-14 12:01 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 12:01 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 12:01 - 2015-07-13 17:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Huber Desktop\Downloads\Arthur Morris Art of Bird PhotograhyII.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Huber Desktop\Downloads\Forbes Reg Hosp. receipt 4-17-15.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Huber Desktop\Downloads\Mrs. Huber's Meds  List 4-23-15.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Huber Desktop\Documents\CBV Online Reservation Acknowledgment.eml:OECustomProperty
AlternateDataStreams: C:\Users\Huber Desktop\Documents\Fwd_ United Airlines Schedule Change Notification for reservation NS83KT.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Huber Desktop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{733BF5E4-7BFF-46E5-BD8D-05E87F7134C2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{782A5E00-A177-4BC4-8856-5568FCC836E4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5F8981EC-EF72-46F6-A8FD-6D882AB90EDC}] => (Allow) C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{96777D03-A699-412F-83E2-9F35539345E0}] => (Allow) C:\Users\Huber Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1608333F-D03A-4E74-B5C5-E93DD9681692}] => (Allow) C:\Windows\SysWOW64\dlcxcoms.exe
FirewallRules: [{80B535C0-F435-4265-B8F9-A19C11AF27A9}] => (Allow) C:\Windows\SysWOW64\dlcxcoms.exe
FirewallRules: [{B1571E06-A43C-47D3-B80E-3E0C65BA101D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3797555E-8EAE-48AA-91E6-5B35E067D453}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{E9E687C8-3757-4EBB-81A0-923FCD8603DD}C:\users\huber desktop\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\huber desktop\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1D668525-F1D3-4C0D-ABBB-F6F2E18AD002}C:\users\huber desktop\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\huber desktop\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{73F926AD-767A-497F-AC21-6D4B096E9901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F6E1906-DE28-451C-9F3A-E4B4E4C1A4BD}] => (Allow) LPort=2869
FirewallRules: [{DDBBB9A0-0F4B-46C5-8677-71326EE8990D}] => (Allow) LPort=1900
FirewallRules: [{BEA129BB-2FEB-42DA-896F-2D0980BB3552}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{012DFF47-019C-44A4-AECF-73234BC7FACB}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{E13A79D0-958B-4B61-B71A-DFE6419A4547}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{B7F81DB8-4E5B-469C-87B9-E0DA757AC089}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{6E7BB491-AE6C-4B77-A8C2-0E91B03F1936}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{CEE70EAE-B07D-475B-A3C9-54918D60D2FE}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{96404370-FC3B-4655-9774-65EE110CF376}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{97E05858-94CA-4D1E-B480-A4F06CDB25F9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{34499E86-04CA-475F-8004-35D53059E933}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE007954-B88A-4EE7-A04E-5ADABEF2EE30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{758C76E8-9B97-4966-95FD-76436653BCBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B2FC339-C82F-47D2-AD29-0FA02A070007}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E73D5C1-C71E-420C-AE3A-D8B5E3A5B495}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{55328F42-752B-4250-B7FE-DCEE3926DDF5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{00445552-47D2-4C77-83A0-57376864F625}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2E5DED91-E51D-4B0B-8F55-2BD2EF4426EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{88101609-686A-47B7-9826-9CE4CF853891}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7ED11B7A-D9B2-4D35-86E1-19102D8FE421}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{37C97AAE-5A92-416D-AC23-7EA659392A3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F334D804-55D8-42E8-9A0D-126EBB3ECD27}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{424561E4-3006-4AA7-8999-419F8CEFB299}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7FD7998F-5B15-431F-833C-CEF7FA3BD79A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2015 12:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9376
 
Error: (07/21/2015 12:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9376
 
Error: (07/21/2015 12:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2015 12:14:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377
 
Error: (07/21/2015 12:14:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377
 
Error: (07/21/2015 12:14:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2015 12:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379
 
Error: (07/21/2015 12:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379
 
Error: (07/21/2015 12:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2015 12:13:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6380
 
 
System errors:
=============
Error: (07/15/2015 03:19:51 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:45 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:39 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:33 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:27 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:21 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:15 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:08 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:19:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (07/15/2015 03:18:56 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
 
Microsoft Office:
=========================
Error: (07/21/2015 12:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9376
 
Error: (07/21/2015 12:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9376
 
Error: (07/21/2015 12:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2015 12:14:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377
 
Error: (07/21/2015 12:14:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377
 
Error: (07/21/2015 12:14:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2015 12:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379
 
Error: (07/21/2015 12:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379
 
Error: (07/21/2015 12:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2015 12:13:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6380
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8063.54 MB
Available physical RAM: 5705.12 MB
Total Virtual: 16125.29 MB
Available Virtual: 12004.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:752.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 12F19D11)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 

  • 0

Advertisements

#2
Nevan
Posted 21 July 2015 - 12:09 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, PittPewee. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
I'll check the log provided and be back with appropriate instructions once they are approved by my teacher.

Stay calm :)
  • 0

#3
PittPewee
Posted 21 July 2015 - 12:52 PM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Thanks Nevan. 


  • 0

#4
Nevan
Posted 21 July 2015 - 02:23 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, PittPewee.

Let's start the cleaning :)

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   1.04KB   213 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
RogueKiller

Download RogueKiller to your desktop. Make sure to choose RogueKillerX64.exe
  • Quit all running programs
  • Right click RogueKillerX64.exe and click Run as administrator
  • The program will start the prescan once it's launched. Please wait until it's done and click Scan button.
  • Once the scanning is done, "Scan finished. Please look at the different tabs and check/uncheck needed items before pressing the delete button" message will appear. When it happens, click Report button. The scan log will open.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Question

Has the Norton thing appeared again? If not, could you try visiting Windstream website again and tell me if the same thing happens?

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Roguekiller log content
  • Answer to my question

  • 0

#5
PittPewee
Posted 21 July 2015 - 03:07 PM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hello Nevan,

 

AVG deleted FRST64.exe when it was done, but I did find the fixlog

Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Huber Desktop at 2015-07-21 16:29:43 Run:1
Running from C:\Users\Huber Desktop\Desktop
Loaded Profiles: Huber Desktop (Available Profiles: Huber Desktop)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1814905456-3194672661-2885556747-1000 -> {F1D6D8B8-D23A-41C0-AAC8-9CA2819BBA8B} URL = 
2015-07-13 09:40 - 2015-04-13 12:33 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
Task: {C4EB9297-19CD-445D-9789-AD89D6AC070C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1814905456-3194672661-2885556747-1000
Folder: C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
File: C:\ProgramData\SPL3CF0.tmp
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on/off
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-1814905456-3194672661-2885556747-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F1D6D8B8-D23A-41C0-AAC8-9CA2819BBA8B}" => key removed successfully
HKCR\CLSID\{F1D6D8B8-D23A-41C0-AAC8-9CA2819BBA8B} => key not found. 
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4EB9297-19CD-445D-9789-AD89D6AC070C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4EB9297-19CD-445D-9789-AD89D6AC070C}" => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-1814905456-3194672661-2885556747-1000 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-1814905456-3194672661-2885556747-1000" => key removed successfully
 
========================= Folder: C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} ========================
 
2015-06-30 18:46 - 2015-06-30 18:46 - 0000275 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.dat
2015-06-30 18:46 - 2015-05-22 12:45 - 3884225 ____C (Dell Inc.                                                                                                                                                                                                                                                                                                   ) C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.exe
2015-06-30 18:46 - 2015-06-30 18:46 - 0000000 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.lnk
2015-06-30 18:46 - 2015-05-22 12:45 - 0315392 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.msi
2015-06-30 18:46 - 2015-06-30 18:46 - 0006063 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.par
2015-06-30 18:46 - 2015-05-22 12:45 - 3731442 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.res
2015-06-30 18:46 - 2015-06-30 18:46 - 0000097 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\instance.dat
2015-06-30 18:46 - 2015-05-22 12:45 - 0583630 ____C () C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\mia.lib
 
====== End of Folder: ======
 
 
========================= File: C:\ProgramData\SPL3CF0.tmp ========================
 
MD5: 378C86BAC547DF54982F10516CE6CB19
Creation and modification date: 2015-02-23 23:34 - 2015-02-23 23:34
Size: 2661169
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright$creamod: 
 
====== End of File: ======
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on/off =========
 
 
A specified value is not valid.
 
Usage:  set allprofiles (parameter) (value)
 
Parameters:
 
      state             - Configure the firewall state.
              Usage: state on|off|notconfigured
 
      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.
 
      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.
 
      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured
 
Remarks:
 
      - Configures profile settings for all profiles.
      - The "notconfigured" value is valid only for a Group Policy store.
 
Examples:
 
      Turn the firewall off for all profiles:
      netsh advfirewall set allprofiles state off
 
      Set the default behavior to block inbound and allow outbound
      connections on all profiles:
      netsh advfirewall set allprofiles firewallpolicy
      blockinbound,allowoutbound
 
      Turn on remote management on all profiles:
      netsh advfirewall set allprofiles settings remotemanagement enable
 
      Log dropped connections on all profiles:
      netsh advfirewall set allprofiles logging droppedconnections enable
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
RgoueKiller results:
 
RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Huber Desktop [Administrator]
Started from : C:\Users\Huber Desktop\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 07/21/2015 16:52:16
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {95B7759C-8C7F-4BF1-B163-73684A933233} :   -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"  -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1814905456-3194672661-2885556747-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg...fr&d=2014-08-2914:05:22&v=18.7.0.147&pid=safeguard&sg=&sap=hp  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1814905456-3194672661-2885556747-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg...fr&d=2014-08-2914:05:22&v=18.7.0.147&pid=safeguard&sg=&sap=hp  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1814905456-3194672661-2885556747-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1814905456-3194672661-2885556747-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.comDeleted
 
¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IRP:Inl(Hook.IRP)] \SystemRoot\system32\DRIVERS\ndistapi.sys - IRP_MJ_PNP[27] : Unknown @ 0x41edf04195e00000
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75ZF5A0 +++++
--- User ---
[MBR] 531b63ec121db6c4cf70459968d8b61f
[BSP] 56815cbede61147e809c4224a74ebcad : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 931642 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Dell USB Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
The norton thing never reappeared and I was able to go to windstream.net without problem
 
Linda

  • 0

#6
Nevan
Posted 22 July 2015 - 08:02 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Linda.

The situation you've described seems to be a scam. As someone else had access to your computer, it is recommended that you change all passwords where applicable to minimise possible damage.
Also, do you remember what programs were used by those who you called? Did they try to charge for the "help" you've received?

As for the removal, everything seems to go well so far, so let's move on with the cleaning.

Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S0].txt log content
  • Answer to my questions

  • 0

#7
PittPewee
Posted 22 July 2015 - 09:43 AM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

During the AdwCleaner this message come up:

 

There is no disk in the drive. Please insert a disk into drive\Device\Harddisk2\DR2.

 

My choices are Cancel , Try Again , or Continue.

 

Should I select Continue?

 

Thank you, Pewee


  • 0

#8
Nevan
Posted 22 July 2015 - 09:56 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
For now click Cancel and show me the JRT log please.
  • 0

#9
PittPewee
Posted 22 July 2015 - 10:09 AM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Huber Desktop on Wed 07/22/2015 at 11:26:48.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [Service] vToolbarUpdater18.7.0 [Reboot required]
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\SPL2AE7.tmp
Successfully deleted: [File] C:\ProgramData\SPL2B05.tmp
Successfully deleted: [File] C:\ProgramData\SPL31C9.tmp
Successfully deleted: [File] C:\ProgramData\SPL3CF0.tmp
Successfully deleted: [File] C:\ProgramData\SPL448E.tmp
Successfully deleted: [File] C:\ProgramData\SPL4836.tmp
Successfully deleted: [File] C:\ProgramData\SPL64D0.tmp
Successfully deleted: [File] C:\ProgramData\SPL719C.tmp
Successfully deleted: [File] C:\ProgramData\SPL7AF4.tmp
Successfully deleted: [File] C:\ProgramData\SPL84B2.tmp
Successfully deleted: [File] C:\ProgramData\SPL906A.tmp
Successfully deleted: [File] C:\ProgramData\SPLB52B.tmp
Successfully deleted: [File] C:\ProgramData\SPLBE2F.tmp
Successfully deleted: [File] C:\ProgramData\SPLBFF4.tmp
Successfully deleted: [File] C:\ProgramData\SPLCEF.tmp
Successfully deleted: [File] C:\ProgramData\SPLE9A2.tmp
Successfully deleted: [File] C:\ProgramData\SPLEE54.tmp
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_toolbar.avg.com_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_toolbar.avg.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.ask.com_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.ask.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Huber Desktop\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Public\Desktop\ebay.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\avg safeguard toolbar
Successfully deleted: [Folder] C:\Program Files (x86)\avg security toolbar
Successfully deleted: [Folder] C:\ProgramData\avg safeguard toolbar
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Huber Desktop\Appdata\Local\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Huber Desktop\Appdata\LocalLow\avg safeguard toolbar
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Huber Desktop\Appdata\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
[C:\Users\Huber Desktop\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Huber Desktop\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ndibdjnfmopecpmkdieinmbadjfpblof
 
[C:\Users\Huber Desktop\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Huber Desktop\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  bopakagnckmlgajfccecajhnimjiiedh,
  ndibdjnfmopecpmkdieinmbadjfpblof
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at 12:08:05.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#10
Nevan
Posted 22 July 2015 - 10:17 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Could you please answer my questions from previous post?
 

The situation you've described seems to be a scam. As someone else had access to your computer, it is recommended that you change all passwords where applicable to minimise possible damage.
Also, do you remember what programs were used by those who you called? Did they try to charge for the "help" you've received?


  • 0

Advertisements

#11
PittPewee
Posted 22 July 2015 - 10:29 AM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I don't know. something with explore in it. website was http.//p2.dntrax.com and alert.atcpcsupport.com support. I was not asked to pay for the help I had received so far, but I was asked to buy services for $299 to remove trojan and foreign IP address, remove error and warning, install damaged files and clean up and tune up system. I used task manager to close out all activity involved and hung up. 

 

Info from above was from junkware, not adware. Sorry I will continue with the adware cleaner now

 

Pewee


  • 0

#12
PittPewee
Posted 22 July 2015 - 10:39 AM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Nevan,

 

Here is my log from AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 22/07/2015 at 12:34:53
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Huber Desktop - HUBERDESKTOP-PC
# Running from : C:\Users\Huber Desktop\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_1114tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.highmarkblueshield.com_0.localstorage
File Deleted : C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.highmarkblueshield.com_0.localstorage-journal
File Deleted : C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_packagetracer.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_packagetracer.dl.tb.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17909
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Huber Desktop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5813 bytes] - [22/07/2015 12:32:20]
AdwCleaner[S0].txt - [5629 bytes] - [22/07/2015 12:34:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5688  bytes] ##########
 Thanks

  • 0

#13
Nevan
Posted 22 July 2015 - 12:30 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, PittPewee.

It's good that you didn't pay for anything. You shouldn't ever do that. No real security software providers ever offer such aggresive way of helping.

Let's continue looking for leftovers.

Step #1
Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    temh2Om.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content

  • 0

#14
PittPewee
Posted 22 July 2015 - 08:30 PM

PittPewee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hello again, Nevan.

I had to go to work, so my response is delayed. Here is my logs from Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2015
Scan Time: 8:03 PM
Logfile: Malwarebytes scan log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.22.07
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Huber Desktop
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358112
Time Elapsed: 11 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Here is my log from ESET:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# end=init
# utc_time=2015-07-23 12:42:55
# local_time=2015-07-22 08:42:55 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24932
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# end=updated
# utc_time=2015-07-23 12:48:16
# local_time=2015-07-22 08:48:16 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# engine=24932
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-23 01:02:39
# local_time=2015-07-22 09:02:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 123804143 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46920118 189156809 0 0
# scanned=39155
# found=2
# cleaned=0
# scan_time=862
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# end=init
# utc_time=2015-07-23 01:12:15
# local_time=2015-07-22 09:12:15 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24932
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# end=updated
# utc_time=2015-07-23 01:12:57
# local_time=2015-07-22 09:12:57 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# engine=24932
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-23 02:01:23
# local_time=2015-07-22 10:01:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 123807667 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46923642 189160333 0 0
# scanned=209087
# found=2
# cleaned=0
# scan_time=2904
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# end=init
# utc_time=2015-07-23 02:11:23
# local_time=2015-07-22 10:11:23 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24932
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# end=updated
# utc_time=2015-07-23 02:12:06
# local_time=2015-07-22 10:12:06 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1d4af0072838bd41af9c50e9668ad20e
# engine=24932
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-23 02:12:15
# local_time=2015-07-22 10:12:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 123808319 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46924294 189160985 0 0
# scanned=1495
# found=0
# cleaned=0
# scan_time=9
 
Thank you for all of your time, PittPewee

  • 0

#15
Nevan
Posted 23 July 2015 - 07:29 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, PittPewee.

No problem with the delay. Helping you is my priority here, no matter how long it takes.

Let's do the two final checks.

Step #1
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Question
Could you tell me if you have any other problems with your system that you'd like to mention?

 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Checkup.txt log content
  • Answer to my question

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP