
Disasteroids


  • This topic is locked
10 replies to this topic

#1 firestar9mm


Posted 07 September 2015 - 01:59 AM

First, let me say that I'm no computer guru by any means.

Now my problem. My computer (Windows 8) is plagued by something called Disasteroids. I won't go into great detail unless asked to do so because whoever responds to my question may already be well versed on Disasteroids. I will say that whenever I'm on the internet, I've got ads popping up all over, some can't be closed until after a certain amount of time, and I've run into a few that can't be closed at all, some completely block any other operations until they are closed. Also, certain words within a document will be a different color and underlined, like a link. When the mouse pointer is hovered over them a window with an ad will pop up.

I've tried to remove Disasteroids through various methods but can't get rid of it. Any help that you can provide will be greatly appreciated.





#2 nasdaq

  • Malware Response Team

Posted 07 September 2015 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 firestar9mm


Posted 11 September 2015 - 01:02 AM

Hello nasdaq,

Thank you for your response. I am currently having serious problems with my ISP. Downloads are so slow that they often fail completely. AT&T is supposed to come out and fix it tomorrow evening or Saturday morning. Plus my beloved Disasteroids makes it very difficult to click on a link without one of their ads popping up. Please don't give up on me if you don't hear from me for a couple of days. Believe me, I'm trying to follow your instructions.

firestar9mm



#4 firestar9mm


Posted 11 September 2015 - 03:24 AM

nasdaq,

I accomplished the first part of your instructions regarding Malwarebytes, but the results weren't quite as you described. When I initially launched the program it said something like "never been scanned" and there was a "Fix Now" option. I clicked on the fix button and it ran a scan. When it was done I clicked on Settings, then Detections and Protections. "Use Advanced Heuristics Engine" and "Scan Within Archives" were already selected. I also selected "Scan for rootkits". I clicked on Scan. The "Threat Scan" option was already selected. Then I clicked Start Scan and it went through the scanning process again. When it was done it displayed a list of the findings but there was no option to quarantine, or any other action except "Remove Selected", "Save Results" (which I did), and Cancel. There was no "View detailed log" or "Export" options. So, that is as far as I've gotten so far, and I will wait for clarification from you before I do anything else. You should find the results log below (this is from the second scan, not the initial scan that ran when I clicked on "Fix Now"):

Thanks,

firestar9mm

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/11/2015
Scan Time: 12:19 AM
Logfile: malwarebytes_results_2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.11.02
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Larry
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 463671
Time Elapsed: 39 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
 
Modules: 1
 
Registry Keys: 61
 
Registry Values: 21
 
Registry Data: 0
(No malicious items detected)
 
Folders: 68
 
Files: 161
PUP.Optional.ConsumerInput, C:\Users\Larry\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_shoppingcart_gladiolus000fox.dat, , [d1cda7875239ee483f87eb9c41c313ed], 
PUP.Optional.ConsumerInput, C:\Users\Larry\AppData\Roaming\Compete\Consumer Input\DCA_notification_gladiolus000fox.dat, , [d1cda7875239ee483f87eb9c41c313ed], 
PUP.Optional.ConsumerInput, C:\Users\Larry\AppData\Roaming\Compete\Consumer Input\DCA_privacy_gladiolus000fox.dat, , [d1cda7875239ee483f87eb9c41c313ed], 
PUP.Optional.ConsumerInput, C:\Users\Larry\AppData\Roaming\Compete\Consumer Input\DCA_voicebox_rules_gladiolus000fox.dat, , [d1cda7875239ee483f87eb9c41c313ed], 
PUP.Optional.ConsumerInput, C:\Users\Larry\AppData\Roaming\Compete\Consumer Input\DCA_whitelist_gladiolus000fox.dat, , [d1cda7875239ee483f87eb9c41c313ed], 
PUP.Optional.DigitalSite, C:\Windows\System32\Tasks\DigitalSite, , [128c86a8e7a44bebb176b2dce71d1be5], 
PUP.Optional.DigitalSite, C:\Windows\Tasks\DigitalSite.job, , [b5e91e105a31ae889e8a1e703fc5db25], 
PUP.Optional.DigitalSites, C:\Windows\System32\Tasks\Digital Sites, , [1b83df4fb7d4f24433f71b73857f629e], 
PUP.Optional.DigitalSites, C:\Windows\Tasks\Digital Sites.job, , [e7b78f9f701be650ca6189052fd5bb45], 
PUP.Optional.MixVideoPlayer, C:\Users\Larry\AppData\Local\mixvideoplayer\log.txt, , [1e808ba3a9e2f244caca9f04b84c60a0], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\mixvideoplayer.affcode, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\mixvideoplayer.uidnum, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayerUpdaterService.InstallLog, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayerUpdaterService.InstallState, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\Controls\Thumbs.db, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\references\extaudio.png, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\references\extvideo.png, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\references\folder.png, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\references\libreria.png, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\references\Thumbs.db, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MixVideoPlayer, C:\Program Files (x86)\MixVideoPlayer\Windows\Thumbs.db, , [811ded417912d95d4a4b5053a65ec43c], 
PUP.Optional.MySearchDial, C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml, , [2b73939b56359d99fc15b4f1d4302fd1], 
PUP.Optional.MySpeedDial, C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage, , [d5c9fb33048790a684ab0b9a6c98d12f], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\apppatch64\VCLdr64.dll, , [5c429d910388290d7beec6eae1237e82], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, , [7a24bc72513acf67e288565a12f254ac], 
PUP.Optional.Trovi, C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml, , [5846ce604f3cbc7ada04dddd59abab55], 
PUP.Optional.UpdateProc, C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, , [831b5dd1c4c7d2644c988437c93bfb05], 
PUP.Optional.UpdateProc, C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\config.dat, , [831b5dd1c4c7d2644c988437c93bfb05], 
PUP.Optional.UpdateProc, C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\info.dat, , [831b5dd1c4c7d2644c988437c93bfb05], 
PUP.Optional.UpdateProc, C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT, , [831b5dd1c4c7d2644c988437c93bfb05], 
PUP.Optional.UpdateProc, C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT, , [831b5dd1c4c7d2644c988437c93bfb05], 
PUP.Optional.Vitruvian, C:\Users\Larry\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, , [68360727a7e43bfb50f33786ff057090], 
PUP.Optional.Vitruvian, C:\Users\Larry\AppData\Local\Temp\vitruvian-installer-install-v0003, , [3f5f89a5375444f2b78cb904679db34d], 
PUP.Optional.Vitruvian, C:\Users\Larry\AppData\Local\Temp\vitruvian-installer-processes-v0002, , [ecb26ac4008bc76f45fec5f8ef15a957], 
PUP.Optional.Vitruvian, C:\Users\Larry\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, , [128c7eb0b3d8dc5a64dfd7e6c242e31d], 
PUP.Optional.ConsumerInput, C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi, , [623c56d8296283b3ab0143c0857e60a0], 
PUP.Optional.ConsumerInput, C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.log, , [623c56d8296283b3ab0143c0857e60a0], 
PUP.Optional.ConsumerInput, C:\Program Files (x86)\Consumer Input\Monitoring\manifest.json, , [623c56d8296283b3ab0143c0857e60a0], 
PUP.Optional.Disasteroids, C:\Users\Larry\AppData\Local\Disasteroids\data2.dat, , [bee0f539c6c5310508a9e823bd46c63a], 
PUP.Optional.GamesDesktop, C:\Users\Larry\AppData\Local\gmsd_us_305\upgmsd_us_305.cyl, , [a1fd250997f44ceae751b25d966dea16], 
PUP.Optional.GamesDesktop, C:\Users\Larry\AppData\Local\gmsd_us_305\user_profil.cyp, , [a1fd250997f44ceae751b25d966dea16], 
PUP.Optional.GamesDesktop, C:\Users\Larry\AppData\Local\gmsd_us_305\gmsd_us_305\1.20\cnf.cyl, , [a1fd250997f44ceae751b25d966dea16], 
PUP.Optional.GamesDesktop, C:\Program Files (x86)\gmsd_us_305\unins000.dat, , [fca28ca24d3ed95d74c5b05f57ac669a], 
PUP.Optional.GamesDesktop, C:\Program Files (x86)\gmsd_us_305\unins000.msg, , [fca28ca24d3ed95d74c5b05f57ac669a], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\aff.conf, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\de_DE.mo, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\es_ES.mo, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\fr_FR.mo, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\it_IT.mo, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\pt_PT.mo, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\log\APPLICATION.log, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log, , [dec060ce8efda6908361c75036cddf21], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Microsoft.Win32.TaskScheduler.xml, , [445ae94537541c1a6d4b190132d1629e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Microsoft.Deployment.WindowsInstaller.xml, , [445ae94537541c1a6d4b190132d1629e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\errors, , [efaf37f71c6fba7c5764c555d13233cd], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\errors_data, , [efaf37f71c6fba7c5764c555d13233cd], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\fileerrors, , [efaf37f71c6fba7c5764c555d13233cd], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\fileerrors_data, , [efaf37f71c6fba7c5764c555d13233cd], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\log.txt, , [efaf37f71c6fba7c5764c555d13233cd], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\logerror.txt, , [efaf37f71c6fba7c5764c555d13233cd], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\terms-of-service.rtf, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\buildcrx-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\Info-ZIP-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\JSON-simple-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\nsJSON-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\Nustache-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\TaskScheduler-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.QuickRef, C:\Program Files (x86)\QuickRef_1.10.0.9\3rd Party Licenses\UAC-license.txt, , [118df23ccfbcff37012251ca13f0e917], 
PUP.Optional.Qwiklinx, C:\Users\Larry\AppData\Roaming\Qwiklinx\Test.htm, , [9ffff43a098275c170c8e03b6d9607f9], 
PUP.Optional.Qwiklinx, C:\Users\Larry\AppData\Roaming\Qwiklinx\TestFeeds\topkeywords.dat, , [9ffff43a098275c170c8e03b6d9607f9], 
PUP.Optional.Qwiklinx, C:\Program Files (x86)\Qwiklinx\unins000.dat, , [ecb2ba749fec0630053744d76d966997], 
PUP.Optional.Updater, C:\Users\Larry\AppData\Roaming\DigitalSites\UpdateProc\config.dat, , [acf2a9852269cc6a31c580a207fcc040], 
PUP.Optional.Updater, C:\Users\Larry\AppData\Roaming\DigitalSites\UpdateProc\info.dat, , [acf2a9852269cc6a31c580a207fcc040], 
PUP.Optional.Updater, C:\Users\Larry\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, , [acf2a9852269cc6a31c580a207fcc040], 
PUP.Optional.Updater, C:\Users\Larry\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, , [acf2a9852269cc6a31c580a207fcc040], 
PUP.Optional.Wajam, C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk, , [435b42ecb9d2fd3931f5061ebf448b75], 
PUP.Optional.PullUpdate, C:\ProgramData\MknItYaf\dat\kTCOVF.exe.config, , [a5f983ab5338eb4b85bac1e346bf7987], 
PUP.Optional.PullUpdate, C:\ProgramData\MknItYaf\dat\XnJqWl.exe.config, , [a5f983ab5338eb4b85bac1e346bf7987], 
PUP.Optional.PullUpdate, C:\ProgramData\MknItYaf\avivOgSE.dat, , [a5f983ab5338eb4b85bac1e346bf7987], 
PUP.Optional.PullUpdate, C:\ProgramData\MknItYaf\avivOgSE.exe.config, , [a5f983ab5338eb4b85bac1e346bf7987], 
PUP.Optional.PullUpdate, C:\ProgramData\MknItYaf\info.dat, , [a5f983ab5338eb4b85bac1e346bf7987], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 nasdaq


Posted 11 September 2015 - 08:18 AM

This is a badly infested computer.
Some restrictions may have been set and you are not able to run MBAM normally.

For now just download and run the Farbar Recovery Scan Tool previously requested.

Will take it from there.

#6 firestar9mm


Posted 11 September 2015 - 09:56 PM

nasdaq,

Here are the files you requested.

Attached file: Addition.txt (38.82KB)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Larry (administrator) on DESKTOPPC (11-09-2015 19:45:36)
Running from C:\Users\Larry\Desktop
Loaded Profiles: Larry (Available Profiles: Larry)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Acute Angle Solutions) C:\ProgramData\MknItYaf\avivOgSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Config.Msi\103c9487.rbf
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-01] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Larry\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk [2013-12-06]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-06-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49554;https=127.0.0.1:49554
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1BE9F9F7-C7A5-489D-80E0-F95449DA4AD5}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C541B6F1-DA4F-4829-B025-F615D218ABE9}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2963877913-1144948023-577571859-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2963877913-1144948023-577571859-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKLM -> {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> DefaultScope {9DAE8F43-EB92-4279-9376-C9999F5E1358} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20130607&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M796A0CCE-D3B4-4594-A00A-546F33EF6AAE&SearchSource=58&CUI=&UM=6&UP=SP5728B395-B8C5-4DFA-96FD-9DF9E896828C&q={searchTerms}&SSPV=SP21715VA_sp_ie
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {9DAE8F43-EB92-4279-9376-C9999F5E1358} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20130607&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {DEBC5E9D-1846-444B-84FD-8C353F22D04D} URL = hxxp://websearch.shopathome.com?user_id={0F35EFFE-2C96-43F6-A073-BAB1503C9791}&q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2012-11-09] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default
FF NewTab: about:blank
FF DefaultSearchEngine: Secure Search
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=B111US679D20130607&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\user.js [2013-12-21]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml [2013-11-26]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml [2014-11-15]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml [2014-08-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-03]
FF Extension: Pin It button - C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\Extensions\pinterest@robertnyman.com.xpi [2014-02-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US679D20130607&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (SiteAdvisor) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-12]
CHR Extension: (Google Docs Offline) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Shareaholic for Pinterest) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0172581441511436mcinstcleanup; C:\WINDOWS\TEMP\017258~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations) [File not signed]
R2 avivOgSE; C:\ProgramData\MknItYaf\avivOgSE.exe [2321792 2014-10-02] (Acute Angle Solutions)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-09] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACR39U; C:\Windows\system32\DRIVERS\acr39u.sys [62848 2014-08-21] (Advanced Card Systems Ltd.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-11] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 19:45 - 2015-09-11 19:46 - 00025639 _____ C:\Users\Larry\Desktop\FRST.txt
2015-09-11 19:45 - 2015-09-11 19:45 - 00000000 ____D C:\FRST
2015-09-11 19:44 - 2015-09-11 19:42 - 02190848 _____ (Farbar) C:\Users\Larry\Desktop\FRST64.exe
2015-09-11 19:41 - 2015-09-11 19:42 - 02190848 _____ (Farbar) C:\Users\Larry\Downloads\FRST64.exe
2015-09-11 01:00 - 2015-09-11 01:00 - 00054275 _____ C:\Users\Larry\Desktop\malwarebytes_results_2.txt
2015-09-11 00:04 - 2015-09-11 00:04 - 00054895 _____ C:\Users\Larry\Desktop\malwarebytes_initial_results.txt
2015-09-10 23:22 - 2015-09-11 00:16 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 23:21 - 2015-09-10 23:21 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-10 23:21 - 2015-09-10 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-10 23:21 - 2015-09-10 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-10 23:21 - 2015-09-10 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-10 23:21 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-10 23:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-10 23:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-10 23:16 - 2015-09-10 23:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Larry\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-10 20:02 - 2015-09-10 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-09 00:46 - 2015-09-09 00:46 - 00010043 _____ C:\Users\Larry\Desktop\Books.txt
2015-09-08 21:39 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-08 21:39 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-08 21:39 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-08 21:37 - 2015-07-13 12:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 21:37 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-08 21:36 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-08 21:36 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-08 21:36 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-08 21:33 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-19 01:12 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 01:12 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 20:03 - 2015-07-30 07:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:03 - 2015-07-30 06:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:31 - 2015-07-18 18:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 05:31 - 2015-07-18 11:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 05:31 - 2015-07-18 11:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 05:31 - 2015-07-18 11:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 05:31 - 2015-07-18 11:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 05:31 - 2015-07-18 11:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 05:31 - 2015-07-18 11:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 05:31 - 2015-07-18 11:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 05:31 - 2015-07-18 11:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 05:31 - 2015-07-18 11:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 05:31 - 2015-07-18 11:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 05:31 - 2015-07-18 11:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 05:30 - 2015-07-28 16:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 05:30 - 2015-07-28 07:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 05:30 - 2015-07-28 07:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 05:30 - 2015-07-28 07:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 05:30 - 2015-07-28 07:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 05:30 - 2015-07-28 07:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 05:30 - 2015-07-28 07:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 05:30 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 05:30 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 05:30 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 05:30 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 05:30 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 05:30 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 05:30 - 2015-07-16 12:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 05:30 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 05:30 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 05:30 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 05:30 - 2015-07-16 12:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 05:30 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 05:30 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 05:30 - 2015-07-16 12:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 05:30 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 05:30 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 05:30 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 05:30 - 2015-07-16 12:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 05:30 - 2015-07-16 12:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 05:30 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 05:30 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 05:30 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 05:30 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 05:30 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 05:30 - 2015-07-16 11:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 05:30 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 05:30 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 05:30 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 05:30 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 05:30 - 2015-07-15 17:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 05:30 - 2015-07-15 17:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 05:30 - 2015-07-15 17:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 05:30 - 2015-07-15 17:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 05:30 - 2015-07-10 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 05:30 - 2015-07-07 02:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 05:30 - 2015-07-07 02:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 05:30 - 2015-07-07 02:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 05:30 - 2015-07-01 15:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 05:30 - 2015-07-01 15:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 05:30 - 2015-07-01 14:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 05:30 - 2015-07-01 14:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 05:30 - 2015-06-12 10:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 05:30 - 2015-06-12 09:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 05:28 - 2015-07-14 14:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 05:28 - 2015-07-14 14:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 05:28 - 2015-07-14 14:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 05:28 - 2015-07-13 20:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 05:28 - 2015-07-13 20:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 05:28 - 2015-07-13 12:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 05:28 - 2015-07-13 12:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 05:28 - 2015-07-10 10:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 05:28 - 2015-07-10 09:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 05:28 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 05:28 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 05:28 - 2015-07-09 09:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 05:28 - 2015-06-11 13:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 05:28 - 2015-06-11 13:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 05:28 - 2015-05-11 17:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 05:27 - 2015-07-29 07:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 05:27 - 2015-07-29 07:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 05:27 - 2015-07-29 07:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 05:27 - 2015-07-24 11:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 05:27 - 2015-07-24 11:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 05:27 - 2015-07-24 11:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 05:27 - 2015-07-24 10:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 05:27 - 2015-07-24 10:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 05:27 - 2015-07-10 11:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 05:27 - 2015-07-10 10:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 05:27 - 2015-07-10 10:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 05:27 - 2015-07-10 09:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 19:41 - 2014-09-27 18:20 - 00000000 ____D C:\Users\Larry\AppData\Local\Disasteroids
2015-09-11 19:29 - 2013-12-14 08:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-11 19:10 - 2014-02-08 01:12 - 00000312 _____ C:\WINDOWS\Tasks\Digital Sites.job
2015-09-11 19:10 - 2013-11-26 16:10 - 00000312 _____ C:\WINDOWS\Tasks\DigitalSite.job
2015-09-11 19:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-11 18:50 - 2015-02-10 23:30 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 18:47 - 2014-01-31 09:49 - 01944454 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-11 13:50 - 2015-02-10 23:30 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 01:35 - 2013-06-06 21:44 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2963877913-1144948023-577571859-1001
2015-09-11 00:10 - 2013-11-26 17:11 - 00000093 _____ C:\Users\Larry\AppData\Roaming\WB.CFG
2015-09-10 23:21 - 2014-07-08 01:53 - 00566784 ___SH C:\Users\Larry\Desktop\Thumbs.db
2015-09-09 18:05 - 2015-07-27 23:11 - 00013419 _____ C:\Users\Larry\Desktop\uniforms.xlsx
2015-09-09 06:48 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 00:25 - 2013-06-07 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 00:25 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 00:24 - 2013-11-14 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 00:22 - 2013-08-14 19:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-07 10:35 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-05 21:07 - 2014-01-31 21:32 - 00000000 ___DO C:\Users\Larry\SkyDrive
2015-09-05 20:50 - 2013-11-14 00:28 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-05 20:50 - 2013-06-07 08:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-05 20:43 - 2014-01-31 09:33 - 00000000 ____D C:\Users\Larry
2015-09-05 20:43 - 2013-08-22 07:46 - 00323362 _____ C:\WINDOWS\setupact.log
2015-09-05 20:43 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-05 20:42 - 2013-11-14 00:20 - 00111704 _____ C:\WINDOWS\PFRO.log
2015-09-05 03:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-02 05:51 - 2015-02-12 22:33 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-28 13:45 - 2015-02-10 23:30 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 13:45 - 2015-02-10 23:30 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:37 - 2013-06-07 03:02 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-21 01:13 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-15 22:09 - 2013-08-22 07:44 - 00409712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-15 22:07 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 22:07 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 22:07 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-15 22:07 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 19:58 - 2015-04-16 21:16 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 19:58 - 2015-03-12 18:59 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 19:57 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 19:57 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
 
==================== Files in the root of some directories =======
 
2013-10-01 12:57 - 2013-10-01 12:57 - 0000000 _____ () C:\Users\Larry\AppData\Roaming\monFDE.log
2013-11-26 17:11 - 2015-09-11 00:10 - 0000093 _____ () C:\Users\Larry\AppData\Roaming\WB.CFG
2013-12-11 01:11 - 2014-01-03 01:12 - 0000005 _____ () C:\Users\Larry\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-26 17:11 - 2014-01-29 01:11 - 0000005 _____ () C:\Users\Larry\AppData\Roaming\WBPU-TTL.DAT
2013-08-21 17:08 - 2013-09-12 21:57 - 0009216 _____ () C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-07 07:25 - 2014-05-21 22:32 - 0007601 _____ () C:\Users\Larry\AppData\Local\resmon.resmoncfg
2013-12-06 00:55 - 2013-12-06 00:55 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-05 20:53
 
==================== End of FRST.txt ============================
 
 

 



#7 nasdaq


Posted 12 September 2015 - 08:04 AM

Please remove this program in bold using the Add/Remove Programs applet.
Update for Zip Opener (HKU\S-1-5-21-2963877913-1144948023-577571859-1001\...\DigitalSite) (Version: - ) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Acute Angle Solutions) C:\ProgramData\MknItYaf\avivOgSE.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(Microsoft Corporation) C:\Config.Msi\103c9487.rbf
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Larry\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49554;https=127.0.0.1:49554
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKLM -> {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M796A0CCE-D3B4-4594-A00A-546F33EF6AAE&SearchSource=58&CUI=&UM=6&UP=SP5728B395-B8C5-4DFA-96FD-9DF9E896828C&q={searchTerms}&SSPV=SP21715VA_sp_ie
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {DEBC5E9D-1846-444B-84FD-8C353F22D04D} URL = hxxp://websearch.shopathome.com?user_id={0F35EFFE-2C96-43F6-A073-BAB1503C9791}&q={searchTerms}
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll No File
FF user.js: detected! => C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\user.js [2013-12-21]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml [2013-11-26]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml [2014-11-15]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml [2014-08-05]
R2 avivOgSE; C:\ProgramData\MknItYaf\avivOgSE.exe [2321792 2014-10-02] (Acute Angle Solutions)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
C:\Users\Larry\AppData\Roaming\ShopAtHome
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml 
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml
Task: {16DA9835-8B2F-4485-9724-42EC93488C5A} - System32\Tasks\Digital Sites => C:\Users\Larry\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {245DA608-6250-49BD-BD50-3EE57AEDF523} - System32\Tasks\DigitalSite => C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {A05C1698-B00B-4314-ABE4-0868C18CCD85} - System32\Tasks\Updater26278.exe => C:\Users\Larry\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Larry\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\DigitalSite.job => C:\Users\Larry\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__323736303634303330312d23787845322a5b3434322d57.job => Wscript.exe d/B C:\ProgramData\PastaLeadsAgent\startprocess.js pastaleadss.exe <==== ATTENTION
C:\Users\Larry\AppData\Roaming\DIGITA~2
C:\Users\Larry\AppData\Roaming\DigitalSite
C:\Users\Larry\AppData\Local\Updater26278
C:\Users\Larry\AppData\Roaming\DIGITA~2
C:\Users\Larry\AppData\Roaming\DIGITA~1
C:\ProgramData\PastaLeadsAgent\startprocess.js pastaleadss.exe
C:\Users\Larry\AppData\Roaming\Cartwheel
C:\Users\Larry\AppData\Roaming\Compete
C:\Users\Larry\AppData\Local\mixvideoplayer
C:\Program Files (x86)\MixVideoPlayer
C:\Users\Larry\AppData\Local\Disasteroids
C:\Users\Larry\AppData\Local\gmsd_us_305
C:\Users\Larry\AppData\Local\Temp\Klip Pal
C:\Program Files (x86)\MyPC Backup
C:\Users\Larry\AppData\LocalLow\mysearchdial
C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6
C:\Program Files (x86)\QuickRef_1.10.0.9
C:\Users\Larry\AppData\Roaming\Qwiklinx
C:\Program Files (x86)\Qwiklinx
C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
C:\ProgramData\MknItYaf
RemoveProxy:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Please run the AdwCleaner tool requested in my first post, also run the MBAM tool one more time and remove everything that will be found.
Post the logs if you can.

===

How is the computer running now?

#8 firestar9mm


Posted 13 September 2015 - 01:28 PM

So far, so good. I've tried visiting a few web sites and no sign of disasteroids. I'll get back to you in a day or two to give you an update, but so far things are looking better than they have in a looooong time.

Thank you so much.

Here are the logs that you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-09-2015
Ran by Larry (2015-09-13 09:23:22) Run:1
Running from C:\Users\Larry\Desktop
Loaded Profiles: Larry (Available Profiles: Larry)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Acute Angle Solutions) C:\ProgramData\MknItYaf\avivOgSE.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(Microsoft Corporation) C:\Config.Msi\103c9487.rbf
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Larry\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49554;https=127.0.0.1:49554
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKLM -> {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M796A0CCE-D3B4-4594-A00A-546F33EF6AAE&SearchSource=58&CUI=&UM=6&UP=SP5728B395-B8C5-4DFA-96FD-9DF9E896828C&q={searchTerms}&SSPV=SP21715VA_sp_ie
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {6F13A408-0420-4F52-B79B-7EA1C17B2662} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=95816382&ir=
SearchScopes: HKU\S-1-5-21-2963877913-1144948023-577571859-1001 -> {DEBC5E9D-1846-444B-84FD-8C353F22D04D} URL = hxxp://websearch.shopathome.com?user_id={0F35EFFE-2C96-43F6-A073-BAB1503C9791}&q={searchTerms}
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll No File
FF user.js: detected! => C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\user.js [2013-12-21]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml [2013-11-26]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml [2014-11-15]
FF SearchPlugin: C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml [2014-08-05]
R2 avivOgSE; C:\ProgramData\MknItYaf\avivOgSE.exe [2321792 2014-10-02] (Acute Angle Solutions)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
C:\Users\Larry\AppData\Roaming\ShopAtHome
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml 
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml
Task: {16DA9835-8B2F-4485-9724-42EC93488C5A} - System32\Tasks\Digital Sites => C:\Users\Larry\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {245DA608-6250-49BD-BD50-3EE57AEDF523} - System32\Tasks\DigitalSite => C:\Users\Larry\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {A05C1698-B00B-4314-ABE4-0868C18CCD85} - System32\Tasks\Updater26278.exe => C:\Users\Larry\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Larry\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\DigitalSite.job => C:\Users\Larry\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__323736303634303330312d23787845322a5b3434322d57.job => Wscript.exe d/B C:\ProgramData\PastaLeadsAgent\startprocess.js pastaleadss.exe <==== ATTENTION
C:\Users\Larry\AppData\Roaming\DIGITA~2
C:\Users\Larry\AppData\Roaming\DigitalSite
C:\Users\Larry\AppData\Local\Updater26278
C:\Users\Larry\AppData\Roaming\DIGITA~2
C:\Users\Larry\AppData\Roaming\DIGITA~1
C:\ProgramData\PastaLeadsAgent\startprocess.js pastaleadss.exe
C:\Users\Larry\AppData\Roaming\Cartwheel
C:\Users\Larry\AppData\Roaming\Compete
C:\Users\Larry\AppData\Local\mixvideoplayer
C:\Program Files (x86)\MixVideoPlayer
C:\Users\Larry\AppData\Local\Disasteroids
C:\Users\Larry\AppData\Local\gmsd_us_305
C:\Users\Larry\AppData\Local\Temp\Klip Pal
C:\Program Files (x86)\MyPC Backup
C:\Users\Larry\AppData\LocalLow\mysearchdial
C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6
C:\Program Files (x86)\QuickRef_1.10.0.9
C:\Users\Larry\AppData\Roaming\Qwiklinx
C:\Program Files (x86)\Qwiklinx
C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
C:\ProgramData\MknItYaf
RemoveProxy:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\MknItYaf\avivOgSE.exe => No running process found
C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp => No running process found
C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp => No running process found
C:\Config.Msi\103c9487.rbf => No running process found
C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp => No running process found
C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp => No running process found
C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp => No running process found
C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp => No running process found
C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x64BAB.tmp => No running process found
C:\Program Files\Common Files\McAfee\Platform\McU6516.tmp => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F13A408-0420-4F52-B79B-7EA1C17B2662}" => key removed successfully
HKCR\CLSID\{6F13A408-0420-4F52-B79B-7EA1C17B2662} => key not found. 
"HKU\S-1-5-21-2963877913-1144948023-577571859-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKU\S-1-5-21-2963877913-1144948023-577571859-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F13A408-0420-4F52-B79B-7EA1C17B2662}" => key removed successfully
HKCR\CLSID\{6F13A408-0420-4F52-B79B-7EA1C17B2662} => key not found. 
"HKU\S-1-5-21-2963877913-1144948023-577571859-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DEBC5E9D-1846-444B-84FD-8C353F22D04D}" => key removed successfully
HKCR\CLSID\{DEBC5E9D-1846-444B-84FD-8C353F22D04D} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211621178}" => key removed successfully
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\user.js => moved successfully
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml => moved successfully
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml => moved successfully
C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml => moved successfully
avivOgSE => service removed successfully
BTATH_LWFLT => service removed successfully
"C:\Users\Larry\AppData\Roaming\ShopAtHome" => File/Folder not found.
"C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\Mysearchdial.xml" => File/Folder not found.
"C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\trovi-search.xml" => File/Folder not found.
"C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\searchplugins\yahoo-msd.xml" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16DA9835-8B2F-4485-9724-42EC93488C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16DA9835-8B2F-4485-9724-42EC93488C5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Digital Sites => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{245DA608-6250-49BD-BD50-3EE57AEDF523}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{245DA608-6250-49BD-BD50-3EE57AEDF523}" => key removed successfully
C:\WINDOWS\System32\Tasks\DigitalSite => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A05C1698-B00B-4314-ABE4-0868C18CCD85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A05C1698-B00B-4314-ABE4-0868C18CCD85}" => key removed successfully
C:\WINDOWS\System32\Tasks\Updater26278.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => key removed successfully
C:\WINDOWS\Tasks\Digital Sites.job => moved successfully
C:\WINDOWS\Tasks\DigitalSite.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__323736303634303330312d23787845322a5b3434322d57.job => moved successfully
C:\Users\Larry\AppData\Roaming\DIGITA~2 => moved successfully
C:\Users\Larry\AppData\Roaming\DigitalSite => moved successfully
"C:\Users\Larry\AppData\Local\Updater26278" => File/Folder not found.
"C:\Users\Larry\AppData\Roaming\DIGITA~2" => File/Folder not found.
"C:\Users\Larry\AppData\Roaming\DIGITA~1" => File/Folder not found.
"C:\ProgramData\PastaLeadsAgent\startprocess.js pastaleadss.exe" => File/Folder not found.
C:\Users\Larry\AppData\Roaming\Cartwheel => moved successfully
C:\Users\Larry\AppData\Roaming\Compete => moved successfully
C:\Users\Larry\AppData\Local\mixvideoplayer => moved successfully
C:\Program Files (x86)\MixVideoPlayer => moved successfully
C:\Users\Larry\AppData\Local\Disasteroids => moved successfully
C:\Users\Larry\AppData\Local\gmsd_us_305 => moved successfully
C:\Users\Larry\AppData\Local\Temp\Klip Pal => moved successfully
C:\Program Files (x86)\MyPC Backup => moved successfully
C:\Users\Larry\AppData\LocalLow\mysearchdial => moved successfully
"C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6" => File/Folder not found.
C:\Program Files (x86)\QuickRef_1.10.0.9 => moved successfully
C:\Users\Larry\AppData\Roaming\Qwiklinx => moved successfully
C:\Program Files (x86)\Qwiklinx => moved successfully
C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam => moved successfully
C:\ProgramData\MknItYaf => moved successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2963877913-1144948023-577571859-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2963877913-1144948023-577571859-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 1.6 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 09:25:33 ====
 
******************************************************************************************************************
 
# AdwCleaner v5.007 - Logfile created 13/09/2015 at 09:38:33
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Larry - DESKTOPPC
# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Disasteroids
Folder Found : C:\Program Files (x86)\PepperZip
Folder Found : C:\Program Files (x86)\Uniblue
Folder Found : C:\Program Files (x86)\Consumer Input
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\Browser
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Larry\AppData\Local\Consumer Input
Folder Found : C:\Users\Larry\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Larry\AppData\LocalLow\ShopAtHome
Folder Found : C:\Users\Larry\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Larry\AppData\Roaming\Systweak
Folder Found : C:\Users\Larry\AppData\Roaming\Uniblue
Folder Found : C:\Users\Larry\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\Sysnative\roboot64.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKLM\SOFTWARE\mysearchdial
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\mysearchdial.com
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKU\S-1-5-21-2963877913-1144948023-577571859-1001\Software\AppDataLow\Software\Crossrider
Key Found : HKU\S-1-5-21-2963877913-1144948023-577571859-1001\Software\AppDataLow\Software\DynConIE
 
***** [ Web browsers ] *****
 
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.aflt", "dsites");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.cr", "95816382");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.irmysearch.instlRef", "");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.aflt", "dsites");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.cntry", "US");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.cr", "95816382");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.dfltLng", "");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.dfltSrch", true);
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.dnsErr", true);
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.excTlbr", false);
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.hdrMd5", "BBDB8D31734765BBD3F9FE245B20BF27");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.hmpg", true);
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1[...]
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.id", "7054D2533B858119");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.instlDay", "16035");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.instlRef", "");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1[...]
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.015:12:1");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCy[...]
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.sg", "none");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.tlbrId", "base");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czut[...]
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial_i.hmpg", true);
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial_i.newTab", false);
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:12:1");
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : start.mysearchdial.com
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11847 bytes] ##########
 
******************************************************************************************************************************************************
 
# AdwCleaner v5.007 - Logfile created 13/09/2015 at 09:45:23
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Larry - DESKTOPPC
# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Disasteroids
[-] Folder Deleted : C:\Program Files (x86)\PepperZip
[-] Folder Deleted : C:\Program Files (x86)\Uniblue
[-] Folder Deleted : C:\Program Files (x86)\Consumer Input
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\Uniblue
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\Larry\AppData\Local\Consumer Input
[-] Folder Deleted : C:\Users\Larry\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Larry\AppData\LocalLow\ShopAtHome
[-] Folder Deleted : C:\Users\Larry\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Larry\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\Larry\AppData\Roaming\Uniblue
[-] Folder Deleted : C:\Users\Larry\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\WINDOWS\Sysnative\roboot64.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Classes\PepperZip
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[-] Key Deleted : HKCU\Software\dsiteproducts
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\mysearchdial.com
[-] Key Deleted : HKCU\Software\WEDLMNGR
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKLM\SOFTWARE\mysearchdial
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[!] Key Not Deleted : [x64] HKCU\Software\dsiteproducts
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\mysearchdial.com
[!] Key Not Deleted : [x64] HKCU\Software\WEDLMNGR
[!] Key Not Deleted : HKU\S-1-5-21-2963877913-1144948023-577571859-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-2963877913-1144948023-577571859-1001\Software\AppDataLow\Software\DynConIE
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.aflt", "dsites");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.cr", "95816382");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.instlRef", "");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.aflt", "dsites");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cntry", "US");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cr", "95816382");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hdrMd5", "BBDB8D31734765BBD3F9FE245B20BF27");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hmpg", true);
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1[...]
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.id", "7054D2533B858119");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.instlDay", "16035");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.instlRef", "");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1[...]
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.015:12:1");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCy[...]
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.sg", "none");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByDtAtA0BzzyDzztCtCzytN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czut[...]
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[-] [C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\5zuie33b.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:12:1");
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : start.mysearchdial.com
[-] [C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12545 bytes] ##########
 
**********************************************************************************************************************************************************
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/13/2015
Scan Time: 9:54 AM
Logfile: MBAM_final_findings.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.13.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Larry
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460789
Time Elapsed: 57 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [0b5c62cd5e2d61d5e0ee393143c1c33d], 
PUP.Optional.SolidSavings, HKLM\SOFTWARE\WOW6432NODE\Solid Savings, , [2740e54a711ac6704611eacbdf2516ea], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{418AD5BA-1C21-4A23-8218-3751A782DAEA}, , [30379699e8a33006de389eef06febc44], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45E32D3D-628F-4EA5-9F03-E0662BB11C31}, , [cd9a220d810a0531b95e226be3216a96], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1769F7-EDE8-46DD-B0CF-78554C5A6F3F}, , [a1c6c26d870435010f09e6a7e0249868], 
PUP.Optional.SolidSavings, HKU\S-1-5-21-2963877913-1144948023-577571859-1001\SOFTWARE\APPDATALOW\SOFTWARE\Solid Savings, , [84e35bd4642792a46ce7397cf01458a8], 
 
Registry Values: 3
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{418ad5ba-1c21-4a23-8218-3751a782daea}|AppName, Solid Savings-bg.exe, , [30379699e8a33006de389eef06febc44]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45e32d3d-628f-4ea5-9f03-e0662bb11c31}|AppName, Solid Savings-buttonutil.exe, , [cd9a220d810a0531b95e226be3216a96]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7f1769f7-ede8-46dd-b0cf-78554c5a6f3f}|AppName, Solid Savings-codedownloader.exe, , [a1c6c26d870435010f09e6a7e0249868]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 23
PUP.Optional.GamesDesktop, C:\Program Files (x86)\gmsd_us_305, , [8fd89d9284071a1cb9a030e0eb18f20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ar, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\bs-Cyrl-BA, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\bs-Latn-BA, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\da, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\de, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\es, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\fil-PH, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\fr, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\he, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\hr-HR, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\it, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ja, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\nl, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\no, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\se-FI, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\sr-Cyrl-RS, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\sr-Latn-RS, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\sv, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner, , [de89200fd2b9b680e1fa1803f40ff20e], 
 
Files: 10
PUP.Optional.GamesDesktop, C:\Program Files (x86)\gmsd_us_305\unins000.dat, , [8fd89d9284071a1cb9a030e0eb18f20e], 
PUP.Optional.GamesDesktop, C:\Program Files (x86)\gmsd_us_305\unins000.msg, , [8fd89d9284071a1cb9a030e0eb18f20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Microsoft.Win32.TaskScheduler.xml, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Microsoft.Deployment.WindowsInstaller.xml, , [204746e93e4ddd5973654fcc60a311ef], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\errors, , [de89200fd2b9b680e1fa1803f40ff20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\errors_data, , [de89200fd2b9b680e1fa1803f40ff20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\fileerrors, , [de89200fd2b9b680e1fa1803f40ff20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\fileerrors_data, , [de89200fd2b9b680e1fa1803f40ff20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\log.txt, , [de89200fd2b9b680e1fa1803f40ff20e], 
PUP.Optional.ProPCCleaner, C:\Users\Larry\Documents\ProPCCleaner\logerror.txt, , [de89200fd2b9b680e1fa1803f40ff20e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
******************************************************************************************************************************************************************
 


#9 nasdaq


Posted 14 September 2015 - 07:13 AM

Just want to make sure that you have deleted all that was identified by the Malwarebytes tool.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 firestar9mm


Posted 19 September 2015 - 01:36 AM

nasdaq,

Sorry I couldn't get back to you sooner. 

All I can say is, you are amazing and I can't thank you enough for helping me get my computer cleaned up. I haven't had any problems at all with Disasteroids since I last contacted you.

On the other hand, you kinda ruined my excuse for getting a new computer.

Seriously, I am very, VERY grateful for your help.

firestar9mm



#11 nasdaq


Posted 19 September 2015 - 09:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



