
Norton Blocks Adware Installer Activity 7


  • This topic is locked
8 replies to this topic

#1 58bowty


Posted 07 July 2015 - 01:44 PM

My Norton 360 keeps blocking "Adware Installer Activity 7." I'm getting "Page cannot be displayed" errors from my browser. Additionally, I found that my browser proxy setting was also changed. I changed my proxy setting to none and have been able to get online that way. Thanks in advance for any help. Here is the FRST log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015

Ran by tytruax (administrator) on TYTRUAX-PC on 06-07-2015 19:55:55
Running from C:\Users\tytruax\AppData\Local\Temp\WPDNSE\{0176012E-0172-0177-2201-310152013801}
Loaded Profiles: tytruax (Available Profiles: tytruax)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.6.0.27\ccsvchst.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(PC Drivers Headquarters) C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-03-11] (Dell Inc.)
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-09-25] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-16] (IDT, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [DBAgent] => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-06-08] (Seagate Technology LLC)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-11] (Google Inc.)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [cdloader] => C:\Users\tytruax\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [Driver Manager] => C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe [4744024 2014-03-13] (PC Drivers Headquarters)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [Uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-06-08] (Seagate Technology LLC)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\MountPoints2: {8007d7bf-40c4-11e3-8b7b-002170825b0c} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-27] (Google)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-10-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2008-10-10]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2008-09-11]
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-09-11]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-09-11]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\tytruax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2008-10-07]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\tytruax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart C7200 series.lnk [2013-06-13]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart C7200 series.lnk ->  (No File)
Startup: C:\Users\tytruax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\tytruax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-02-15]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\tytruax\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk /p \??\C:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2268045312-3402110376-3729890785-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2268045312-3402110376-3729890785-1000] => http=127.0.0.1:51040;https=127.0.0.1:51040
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.foxnews.com/
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 - (No Name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll No File
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=B4C9CBA96011EDD10DECC650B054A157&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=LdXP06obeAcVcbIdveDe_C7viK0?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {D002E040-8BCB-42B2-8BC2-BE924ACBA8CB} URL = https://duckduckgo.com/?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: mefeediaTest -> {154d932f-dc51-4a4f-9d52-b78b1419d3b4} -> C:\Program Files\mefeediatest\w3itemplateX.dll [2011-05-04] ()
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: DigitalPersona Fingerprint Software Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-05-12] (DigitalPersona, Inc.)
BHO: Search Assistant BHO -> {5ed22e89-62fa-47ec-bd8d-374d849d436c} -> C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll No File
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll [2011-05-04] ()
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0F827EA4-DA3B-4D08-8ED9-FC81B50D824B}: [DhcpNameServer] 24.159.193.40 68.115.71.53
Tcpip\..\Interfaces\{139000AD-58FA-48AA-80B8-6248354ED6DA}: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\tytruax\AppData\Roaming\Mozilla\Firefox\Profiles\9mf7o7uz.default-1422404045562
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @DailyBibleGuide.com/Plugin -> C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2015-04-15] ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-05]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2009-11-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-29]
FF HKLM\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files\DailyBibleGuide\bar\1.bin
FF Extension: DailyBibleGuide - C:\Program Files\DailyBibleGuide\bar\1.bin [2011-10-22]
FF HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-05]
CHR Extension: (Google Search) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (MySearchDial) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2015-02-06]
CHR Extension: (Gmail) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-05]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\tytruax\AppData\Local\mysearchdial-speeddial.crx [2013-12-15]
CHR HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\tytruax\AppData\Local\mysearchdial-speeddial.crx [2013-12-15]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-16] (Andrea Electronics Corporation)
R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1168632 2008-05-05] (AuthenTec, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1962192 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [184528 2015-05-22] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) [File not signed]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-27] (Google)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-09-11] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [630784 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-06-08] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-06-08] (Seagate Technology LLC)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-16] (IDT, Inc.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-03-11] (Dell Inc.) [File not signed]
S2 SmileyCentralIE_1wService; C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-03-11] (Broadcom Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20150625.001\BHDrvx86.sys [1181424 2015-06-16] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1406000.01B\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-02-26] (Dell Computer Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2007-03-05] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [380720 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [113456 2015-05-27] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-07] (GFI Software)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20150703.001\IDSvix86.sys [523512 2015-06-19] (Symantec Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20150703.001\NAVENG.SYS [104440 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20150703.001\NAVEX15.SYS [1645432 2015-06-23] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NAV\1406000.01B\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1406000.01B\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-03-06] (Samsung Electronics) [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NAV\1406000.01B\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1406000.01B\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1406000.01B\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1406000.01B\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsl304783c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22EF9CDE-F1F9-4029-B9AB-72D22E44D711}\MpKsl304783c2.sys [X]
S1 MpKsl43294a47; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E5E040-B2FF-4A75-9C6D-3DB7676B957A}\MpKsl43294a47.sys [X]
S1 MpKsl4be569c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22EF9CDE-F1F9-4029-B9AB-72D22E44D711}\MpKsl4be569c2.sys [X]
S1 MpKsl5459ff5b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0776B05-B67B-4C57-BECC-DF1F6A18E9B3}\MpKsl5459ff5b.sys [X]
S1 MpKsl59f83b3d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01ECB36E-7178-4F63-96EC-0D2153A77D9E}\MpKsl59f83b3d.sys [X]
S1 MpKsl7794caab; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1BAA5A0-436A-48BF-BF49-2C81E743F3F2}\MpKsl7794caab.sys [X]
S1 MpKsldf9a8a9c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0776B05-B67B-4C57-BECC-DF1F6A18E9B3}\MpKsldf9a8a9c.sys [X]
S1 MpKsle23ed45d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE57FA8B-50CA-4CAF-B326-69215354C436}\MpKsle23ed45d.sys [X]
S1 MpKsle5087028; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8087B174-C9D9-4E04-B186-639C85AE71AD}\MpKsle5087028.sys [X]
S2 mrtRate; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 19:53 - 2015-07-06 19:56 - 00000000 ____D C:\FRST
2015-07-05 09:19 - 2015-07-05 09:19 - 00001984 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-07-05 09:19 - 2015-07-05 09:19 - 00000000 ____D C:\ProgramData\Nero
2015-07-05 09:19 - 2015-07-05 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-07-05 09:18 - 2015-07-05 09:18 - 00000000 ____D C:\Program Files\Seagate
2015-07-04 08:20 - 2015-07-04 08:22 - 00000000 ____D C:\NPE
2015-07-03 23:58 - 2015-07-04 09:48 - 00000000 ____D C:\Users\tytruax\AppData\Local\NPE
2015-07-03 21:15 - 2015-07-05 08:39 - 00017408 ____N C:\Windows\system32\rpcnetp.dll
2015-07-01 14:51 - 2015-07-01 14:52 - 02009904 _____ C:\Users\tytruax\Downloads\Adaware_Installer.exe
2015-06-28 13:59 - 2015-06-28 14:03 - 00000000 ____D C:\Users\tytruax\Downloads\Documents\ProPCCleaner
2015-06-28 10:23 - 2015-06-28 10:23 - 00000064 _____ C:\Users\tytruax\AppData\Local\ae7b9a524250a11645944c5cc8ea1f8a
2015-06-28 10:22 - 2015-07-06 06:44 - 00000000 ____D C:\Program Files\user extensions
2015-06-28 10:19 - 2015-06-28 10:19 - 00000000 ____D C:\Users\tytruax\AppData\Roaming\Rainmaker Software Group LLC
2015-06-28 10:15 - 2015-06-28 10:17 - 00000000 ____D C:\Users\tytruax\AppData\Local\Chromium
2015-06-28 10:14 - 2015-06-28 10:14 - 00000000 ____D C:\Users\tytruax\AppData\Roaming\Tny_cassiopesa
2015-06-28 10:13 - 2015-07-05 00:14 - 00000000 ____D C:\Program Files\Tny_Cassiopesa
2015-06-28 09:34 - 2015-06-28 09:37 - 00000691 _____ C:\Users\tytruax\Downloads\Setup.website
2015-06-26 09:59 - 2015-06-26 09:59 - 00002656 _____ C:\{4AEBD7CA-AA62-443F-BE8C-D560DDD7B917}
2015-06-25 12:17 - 2015-06-25 12:17 - 00187544 _____ C:\{EC60D424-DC7B-4A77-ADA7-427BEC4AECF8}
2015-06-25 12:16 - 2015-06-25 12:16 - 00191264 _____ C:\{788EED22-B0D9-4460-A6C7-B7DF7CEE2930}
2015-06-25 12:15 - 2015-06-25 12:15 - 01658024 _____ C:\{EFA08471-DF5F-40A7-90F1-9B0D72B03CE7}
2015-06-25 12:14 - 2015-06-25 12:14 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
2015-06-25 12:07 - 2015-06-25 12:07 - 00033312 _____ C:\{1178C181-8087-4D87-BB9F-82F26D2CA17F}
2015-06-25 09:54 - 2015-06-25 09:54 - 00002656 _____ C:\{EF275529-EBC1-4E42-8097-C9D80E9A472C}
2015-06-23 21:46 - 2015-06-23 21:46 - 00002760 _____ C:\{834DCB07-275F-4613-97CE-C58D60A59D0F}
2015-06-22 21:19 - 2015-06-22 21:19 - 00036464 _____ C:\{9234DFAD-EA90-4CE0-88FD-07A701C36EA7}
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-19 18:06 - 2015-06-19 18:06 - 00002760 _____ C:\{B5AD83DC-CAB5-457C-AFB7-0B66945BED87}
2015-06-17 23:48 - 2015-06-17 23:48 - 00002656 _____ C:\{D097C8E4-B4F4-457D-873A-AC69F48ED39C}
2015-06-12 11:41 - 2015-06-12 11:41 - 00003392 _____ C:\{95087AF7-517B-4625-841C-71F7159665F0}
2015-06-12 09:15 - 2015-06-12 09:15 - 00005280 _____ C:\{5A3CE189-81C1-4F30-9426-A5855B97C25F}
2015-06-12 03:18 - 2015-06-12 03:18 - 00002760 _____ C:\{F5900F4F-27CC-48DC-8306-0A80229396F0}
2015-06-11 00:30 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 00:29 - 2015-05-21 09:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 00:28 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 23:59 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 23:59 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 23:59 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 23:59 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 23:59 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 21:45 - 2015-05-30 19:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 21:45 - 2015-05-30 18:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 21:45 - 2015-05-30 18:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 21:45 - 2015-05-30 18:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 21:45 - 2015-05-30 18:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 21:45 - 2015-05-30 18:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 21:45 - 2015-05-30 18:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 21:45 - 2015-05-30 18:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 21:45 - 2015-05-30 18:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 21:45 - 2015-05-30 18:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 21:45 - 2015-05-30 18:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-10 21:45 - 2015-05-30 18:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 21:45 - 2015-05-30 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 21:45 - 2015-05-30 18:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 21:45 - 2015-05-30 18:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-10 21:45 - 2015-05-30 18:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 19:48 - 2013-02-27 23:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-06 19:40 - 2006-11-02 05:33 - 00767576 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 19:31 - 2008-09-10 21:23 - 02092223 _____ C:\Windows\WindowsUpdate.log
2015-07-06 19:29 - 2010-12-06 23:30 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 19:21 - 2010-12-06 23:30 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 19:17 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 19:17 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 07:22 - 2008-10-07 22:34 - 00043614 _____ C:\Users\tytruax\AppData\Roaming\wklnhst.dat
2015-07-06 06:45 - 2010-12-16 13:55 - 00000000 ____D C:\Users\tytruax\AppData\Local\CrashDumps
2015-07-05 12:55 - 2009-03-27 12:25 - 00000000 ____D C:\Windows\Minidump
2015-07-05 08:58 - 2010-09-09 08:03 - 00049536 _____ (Absolute Software Corp.) C:\Windows\system32\agremove.exe
2015-07-05 08:39 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-05 08:37 - 2006-11-02 08:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-04 23:50 - 2012-11-24 00:01 - 00000000 ____D C:\ProgramData\Search Protection
2015-07-04 09:39 - 2009-09-17 23:13 - 00643072 _____ C:\Windows\system32\autochk.exe
2015-07-04 00:01 - 2010-09-03 07:20 - 00006648 _____ C:\Users\tytruax\AppData\Local\d3d9caps.dat
2015-07-03 23:59 - 2010-12-01 08:38 - 00000000 ____D C:\ProgramData\Norton
2015-06-25 12:06 - 2015-04-15 21:04 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-24 07:49 - 2012-12-29 18:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-24 07:49 - 2011-07-21 23:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-22 21:51 - 2013-01-05 19:23 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 13:23 - 2008-09-11 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 13:18 - 2010-12-09 23:29 - 00000000 ____D C:\ProgramData\PCDr
2015-06-18 14:07 - 2014-09-04 09:33 - 00000000 ____D C:\Users\tytruax\AppData\Local\Adobe
2015-06-11 08:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-06-11 08:36 - 2006-11-02 07:47 - 00305584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 00:30 - 2009-10-24 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 00:28 - 2013-07-16 07:39 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 00:03 - 2006-11-02 05:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-06 01:10 - 2015-06-02 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-06 01:10 - 2012-05-02 21:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2014-02-12 13:41 - 2014-02-12 13:41 - 49940480 _____ () C:\Program Files\GUT9EA7.tmp
2008-10-07 19:08 - 2008-10-08 18:49 - 0001844 _____ () C:\Users\tytruax\AppData\Roaming\install.dat
2008-10-07 22:34 - 2015-07-06 07:22 - 0043614 _____ () C:\Users\tytruax\AppData\Roaming\wklnhst.dat
2015-06-28 10:23 - 2015-06-28 10:23 - 0000064 _____ () C:\Users\tytruax\AppData\Local\ae7b9a524250a11645944c5cc8ea1f8a
2010-09-03 07:20 - 2015-07-04 00:01 - 0006648 _____ () C:\Users\tytruax\AppData\Local\d3d9caps.dat
2008-10-09 07:28 - 2013-06-19 07:22 - 0025600 _____ () C:\Users\tytruax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-08 15:32 - 2013-02-08 15:32 - 0011986 _____ () C:\Users\tytruax\AppData\Local\fsc9850.exe
2013-12-15 23:15 - 2013-12-15 23:15 - 0351124 _____ () C:\Users\tytruax\AppData\Local\mysearchdial-speeddial.crx
2013-06-13 21:16 - 2013-06-13 21:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2008-10-09 23:29 - 2010-09-08 21:06 - 0003900 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\tytruax\Garmin_RMU_CNNANT2010C.exe
C:\Users\tytruax\garmin_rmu_cnnant2010_20.exe
 
 
Some files in TEMP:
====================
C:\Users\tytruax\AppData\Local\Temp\gb-installer-core.exe
C:\Users\tytruax\AppData\Local\Temp\install_temp.exe
C:\Users\tytruax\AppData\Local\Temp\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-05 21:01
 
==================== End of log ============================

Attached File  Addition_06-07-2015_20-01-40.txt   74.46KB   0 downloads

 

 




#2 nasdaq

nasdaq

  • Malware Response Team

Posted 11 July 2015 - 10:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat
HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
ShortcutTarget: Monitor Ink Alerts - HP Photosmart C7200 series.lnk ->  (No File)
ProxyEnable: [S-1-5-21-2268045312-3402110376-3729890785-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2268045312-3402110376-3729890785-1000] => http=127.0.0.1:51040;https=127.0.0.1:51040
cmd: ipconfig /flushdns
URLSearchHook: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 - (No Name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll No File
SearchScopes: HKLM -> {8b0d31e7-0331-43cc-87cd-a472317f1305} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYus_ZJxdm128YYus&ptb=6F2193AA-F0B5-4502-8CD7-19FDAD23B357&psa=&ind=2011011522&ptnrS=ZNzfb010YYus_ZJxdm128YYus&si=&st=sb&n=77dd99c2&searchfor={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=B4C9CBA96011EDD10DECC650B054A157&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {6A6C0E2C-87D0-47F2-B2FA-5C8FED4C9CB6} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6898F57F-98DC-41E4-ACAD-79AD172E2B8A&apn_sauid=E85AFB85-BE8A-425C-996C-8ECA2DC8BC6A
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=LdXP06obeAcVcbIdveDe_C7viK0?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {8b0d31e7-0331-43cc-87cd-a472317f1305} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYus_ZJxdm128YYus&ptb=6F2193AA-F0B5-4502-8CD7-19FDAD23B357&psa=&ind=2011011522&ptnrS=ZNzfb010YYus_ZJxdm128YYus&si=&st=sb&n=77dd99c2&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2268045312-3402110376-3729890785-1000 -> {D002E040-8BCB-42B2-8BC2-BE924ACBA8CB} URL = https://duckduckgo.com/?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: mefeediaTest -> {154d932f-dc51-4a4f-9d52-b78b1419d3b4} -> C:\Program Files\mefeediatest\w3itemplateX.dll [2011-05-04] ()
BHO: Search Assistant BHO -> {5ed22e89-62fa-47ec-bd8d-374d849d436c} -> C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll No File
Toolbar: HKLM - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll [2011-05-04] ()
FF Plugin: @DailyBibleGuide.com/Plugin -> C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF HKLM\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files\DailyBibleGuide\bar\1.bin
FF Extension: DailyBibleGuide - C:\Program Files\DailyBibleGuide\bar\1.bin [2011-10-22]
CHR Extension: (MySearchDial) - C:\Users\tytruax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2015-02-06]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\tytruax\AppData\Local\mysearchdial-speeddial.crx [2013-12-15]
CHR HKU\S-1-5-21-2268045312-3402110376-3729890785-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\tytruax\AppData\Local\mysearchdial-speeddial.crx [2013-12-15]
S2 SmileyCentralIE_1wService; C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsl304783c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22EF9CDE-F1F9-4029-B9AB-72D22E44D711}\MpKsl304783c2.sys [X]
S1 MpKsl43294a47; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E5E040-B2FF-4A75-9C6D-3DB7676B957A}\MpKsl43294a47.sys [X]
S1 MpKsl4be569c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22EF9CDE-F1F9-4029-B9AB-72D22E44D711}\MpKsl4be569c2.sys [X]
S1 MpKsl5459ff5b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0776B05-B67B-4C57-BECC-DF1F6A18E9B3}\MpKsl5459ff5b.sys [X]
S1 MpKsl59f83b3d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01ECB36E-7178-4F63-96EC-0D2153A77D9E}\MpKsl59f83b3d.sys [X]
S1 MpKsl7794caab; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1BAA5A0-436A-48BF-BF49-2C81E743F3F2}\MpKsl7794caab.sys [X]
S1 MpKsldf9a8a9c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0776B05-B67B-4C57-BECC-DF1F6A18E9B3}\MpKsldf9a8a9c.sys [X]
S1 MpKsle23ed45d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE57FA8B-50CA-4CAF-B326-69215354C436}\MpKsle23ed45d.sys [X]
S1 MpKsle5087028; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8087B174-C9D9-4E04-B186-639C85AE71AD}\MpKsle5087028.sys [X]
S2 mrtRate; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
C:\Program Files\mefeediatest
C:\Program Files\SmileyCentralIE_1w
C:\Program Files\DailyBibleGuide

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?
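
The ProxyEnable and ProxyServer lines in the fixlist above show the browser proxy pointed at a listener on 127.0.0.1. As an added example (not part of the original post and not FRST's own code), this Python script pulls ProxyServer lines out of FRST-style log text and reports entries that point back at the local machine; it also covers the single `host:port` form, and the third sample line and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the two proxy lines from the fixlist above, plus one
# made-up line in the single "host:port" form for comparison.
SAMPLE_LOG = """\
ProxyEnable: [S-1-5-21-2268045312-3402110376-3729890785-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2268045312-3402110376-3729890785-1000] => http=127.0.0.1:51040;https=127.0.0.1:51040
ProxyServer: [S-1-5-21-0000000000-0000000000-0000000000-1001] => proxy.example.internal:8080
"""

PROXY_LINE = re.compile(r"^ProxyServer:\s*\[(?P<sid>[^\]]+)\]\s*=>\s*(?P<value>.+)$")


def parse_proxy_value(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    The value is either one "host:port" used for every protocol, or a
    semicolon-separated list of "scheme=host:port" entries.
    """
    entries = []
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:                              # single-proxy form, no scheme
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if not host:                             # no port given
            host, port = endpoint, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost or any address in 127.0.0.0/8 or ::1."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; resolving it is out of scope here


def loopback_proxies(log_text):
    """Return one finding per ProxyServer entry that points at this machine."""
    findings = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_value(match.group("value")):
            if is_loopback(host):
                findings.append({"sid": match.group("sid"), "scheme": scheme,
                                 "host": host, "port": port})
    return findings


if __name__ == "__main__":
    for f in loopback_proxies(SAMPLE_LOG):
        print("{sid}: {scheme} traffic goes to local listener {host}:{port}".format(**f))
```

The reported port is the one to match against listening processes on the machine when working out which program installed the proxy.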

#3 58bowty

58bowty
  • Topic Starter


Posted 12 July 2015 - 10:52 AM

Hi nasdaq,

 

Thank you very much for your help. Sorry, I was gone yesterday, but I was able to work on my computer problem this morning. I could not find the FRST program this morning and had to download it again. I ran the FRST program and it created the fixlog.txt file, but now it has disappeared along with the FRST program. Don't know where they went. I did a search of my C drive and can't find the fixlog file.

 

Also I ran the AdwCleaner scan and it listed a lot of programs. I'm not really sure what some of them are. I attached the Adwcleaner file. I'm not sure what to do next.

 

Thanks again for your help

 

Ty




#4 nasdaq

nasdaq

  • Malware Response Team

Posted 12 July 2015 - 12:56 PM

Please run the AdwCleaner tool and select the Cleaning button.
This will remove everything that was found.

===

Your Norton may be removing the Farbar tool.

Download it again. If Norton objects to it you will be given an option to accept the file.
===

If this is not the issue, then please download and run this tool.


Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#5 58bowty

58bowty
  • Topic Starter


Posted 13 July 2015 - 07:02 PM

Hi nasdaq,

 

Finally got this all done. I did find the FRST program. Norton had it quarantined, so I OK'd it and it came back along with the Fixlog.txt file. But when I  went to attach it, the file was gone again and I can't find it. I also attached the Adwcleaner file which I ran after cleaning. Also, I tried to attach the zoek-results log but it would not upload. I did get an error when I ran it so I  took a screen shot and attached it. One more thing, in the middle of this my Windows ran an automatic update. Only one change and I attached a txt.file of what that was. My computer seems to be back to normal. No messages from Norton regarding  Adware installer activity.  Let me know what else you would like me to do. I can't thank you enough for your help. I really appreciate it. Is there any kind of maintenance I should be doing to prevent problems in the future? I did read the tips from the AdwCleaner after it ran.

 

 

 

 

 

Thanks!

Your friend,

Ty




#6 58bowty

58bowty
  • Topic Starter


Posted 13 July 2015 - 09:20 PM

Hi nasdaq,

 

Zoek wasn't done. It finally gave me a reboot and  a log which is attached.

 

Ty




#7 nasdaq

nasdaq

  • Malware Response Team

Posted 14 July 2015 - 08:32 AM


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 58bowty

58bowty
  • Topic Starter


Posted 14 July 2015 - 08:38 AM

Thanks again nasdaq. I'll check it out.

 

Ty



#9 nasdaq

nasdaq

  • Malware Response Team

Posted 20 July 2015 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



