
Redirects and Pop-Up, XP/Firefox


  • This topic is locked
32 replies to this topic

#1 tomcal25

tomcal25

  • Members
  • 18 posts

Posted 14 December 2016 - 04:38 PM

Hi, in the past week I've started to receive Pop-Ups and Redirects. I'm running XP Professional using Firefox browser. Also have Chrome and IE, but mostly use Firefox.

 

Pop-Ups/Redirects I've been receiving are: Java install updates, Microsoft has blocked (asks for credit card info), a chat room and Search Incognit (this one comes up repeatedly on Bleeping Computer site) and some others I don't remember.

 

I've run malwarebytes, HijackThis, Spybot search & destroy and McAfee, but still problem remains.

Also discovered Windows Firewall was turned off? I always have it on.

 

Any help you can provide to remove this Virus/Trojan/Malware would be greatly appreciated. I'm afraid to do any on-line banking as my account and passwords may be stolen.

 

Attached are FRST files.


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,578 posts

Posted 19 December 2016 - 04:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/634830 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tomcal25

tomcal25
  • Topic Starter

  • Members
  • 18 posts

Posted 19 December 2016 - 09:14 PM

Yes, I still need help. Continue to receive unwanted pop-ups and redirects. Have tried Malwarebytes, Adware, HijackThis, Hitman and McAfee. Still have same problem. Receiving pop-ups such as: Microsoft has blocked - call 888 number (this freezes computer and I have to go into Task Manager to stop it), java updates, Adobe updates, Answer five questions, chat rooms, and many others.

Malwarebytes found lots of tracking cookies, but no higher level or critical items. Cleaned them all.

 

I'm running XP Professional and Firefox. Also have loaded Chrome and IE, but use Firefox mostly. Seldom use IE as XP will not support latest versions.

 

I can't find a way to download a copy of FRST files in this reply page, so I just copied and pasted. Ran FRST as 32 bit.

My original first post has downloaded FRST files.

 

Any help would be greatly appreciated. Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2016
Ran by Tom (administrator) on FAMILY (19-12-2016 20:21:06)
Running from C:\Documents and Settings\Tom\My Documents\Downloads
Loaded Profiles: Tom (Available Profiles: Sophia & Tom & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AOL Inc.) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1207122118\EE\aolsoftware.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\Common Files\AOL\1207122118\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1207122118\EE\aolsoftware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-10-15] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1207122118\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\...\Run: [SMSetup] => "C:\DOCUME~1\Tom\LOCALS~1\Temp\{46DF20AF-4B4C-4DBB-9D32-3EFAF27B830D}\SMSetup.exe"  /S /cnid 715483 /dsie /dsff /dsgc /hp /wait /ntp_ie /ms  /restart <===== ATTENTION
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\...\MountPoints2: {9262e860-2b27-11e1-8905-00038a000015} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\...\MountPoints2: {e6cff211-5640-11df-859b-00038a000015} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A86AB98C-B60F-458C-8763-10F7140BA721}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKLM - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll No File
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {02DF5CD1-AFBF-44AF-BB18-62DDF87121A2} -  No File
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} hxxp://online.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-27] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\zd9gthvx.default-1479513118109 [2016-12-19]
FF Homepage: C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\zd9gthvx.default-1479513118109 -> hxxps://www.yahoo.com/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-12-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-17] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-10-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-10-15] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-12-17]
CHR Extension: (Google Slides) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-03]
CHR Extension: (Google Docs) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-03]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-03]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-03]
CHR Profile: C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\System Profile [2016-12-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2013-10-28] (Meetinghouse Data Communications) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-06-23] (GFI Software)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [987904 2007-06-20] (Conexant Systems, Inc.)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
R3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2015-02-09] (Rsupport Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
S2 EAPPkt; system32\DRIVERS\EAPPkt.sys [X]
S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
U0 mfewfpk; no ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-19 19:17 - 2016-12-19 19:17 - 01105772 _____ C:\Documents and Settings\Tom\Desktop\Getty station.pdf
2016-12-19 17:31 - 2016-12-19 17:31 - 00138033 _____ C:\Documents and Settings\Tom\Desktop\vista print.pdf
2016-12-19 17:30 - 2016-12-19 17:30 - 00138033 _____ C:\Documents and Settings\Tom\Desktop\99660876-4e06-4fc2-a626-ae94707d58c0~110.pdf
2016-12-19 17:16 - 2016-12-19 17:16 - 00138040 _____ C:\Documents and Settings\Tom\My Documents\vista print.pdf
2016-12-19 17:16 - 2016-12-19 17:16 - 00138040 _____ C:\Documents and Settings\Tom\Desktop\74cece0a-6a13-49e1-a347-f4a429031327~110.pdf
2016-12-17 14:28 - 2016-12-17 14:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2016-12-17 14:28 - 2016-12-17 14:27 - 00160256 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2016-12-17 14:28 - 2016-12-17 14:27 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-12-17 14:24 - 2016-12-17 14:24 - 00000730 _____ C:\Documents and Settings\Tom\Desktop\Mozilla Firefox.lnk
2016-12-16 16:23 - 2016-12-16 16:27 - 00160012 _____ C:\TDSSKiller.3.1.0.12_16.12.2016_16.23.22_log.txt
2016-12-16 11:47 - 2016-12-16 11:47 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox (3).lnk
2016-12-16 11:36 - 2016-12-16 11:36 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Sun
2016-12-15 14:04 - 2016-12-15 14:04 - 00000000 ____D C:\Documents and Settings\Tom\My Documents\2016_12_15
2016-12-15 13:41 - 2016-12-15 13:41 - 00563549 _____ C:\Documents and Settings\Tom\My Documents\Vitamin D deficiency linked to autism A study finds that pregnant women who were low in one vitamin were more likely to have a child with autistic traits.'Fairly common' deficiency among American public ».htm
2016-12-15 10:54 - 2016-12-15 10:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2016-12-14 20:45 - 2016-12-14 20:45 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\Sun
2016-12-14 20:09 - 2016-12-19 20:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-14 20:02 - 2016-12-14 20:02 - 00000000 ____D C:\Program Files\Secunia
2016-12-14 19:43 - 2016-12-14 19:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2016-12-14 18:37 - 2016-12-19 12:32 - 00000000 ____D C:\AdwCleaner
2016-12-14 18:18 - 2016-12-14 18:18 - 00000754 _____ C:\Documents and Settings\Tom\Desktop\Shortcut to Remove the Your Windows (Microsoft) Computer has been Blocked Alert.htm.lnk
2016-12-14 12:59 - 2016-12-14 12:59 - 00080473 _____ C:\Documents and Settings\Tom\Desktop\Farbar Recovery Scan Tool Download.htm
2016-12-13 22:52 - 2016-12-19 20:21 - 00000000 ____D C:\FRST
2016-12-13 16:54 - 2016-12-13 16:54 - 00000000 ____D C:\WINDOWS\system32\ScanResults
2016-12-13 13:44 - 2013-09-04 09:03 - 00449342 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161213-134455.backup
2016-12-13 13:17 - 2016-12-13 13:17 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-13 13:13 - 2016-12-17 16:08 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-12-12 21:00 - 2016-12-14 20:37 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-12 21:00 - 2016-12-14 20:37 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-12 20:55 - 2016-12-12 20:55 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-12-12 20:54 - 2016-12-12 20:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-11 16:45 - 2016-12-11 16:45 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-09 12:52 - 2016-12-09 12:53 - 01425718 _____ C:\Documents and Settings\Tom\My Documents\Sylvania-SA_300.pdf
2016-12-08 11:53 - 2016-12-08 11:53 - 00077360 _____ C:\Documents and Settings\Tom\Desktop\Handicap signs.htm
2016-12-07 10:24 - 2016-12-19 13:21 - 00000274 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job
2016-12-06 11:51 - 2016-12-06 11:51 - 00071969 _____ C:\Documents and Settings\Tom\Desktop\Lemon Chicken Scallopini with Spinach.htm
2016-12-05 12:13 - 2016-12-05 12:13 - 00607787 _____ C:\Documents and Settings\Tom\My Documents\Woman to Trump  'You are embarrassing yourself'.htm
2016-12-05 11:56 - 2016-12-07 14:47 - 00174094 _____ C:\Documents and Settings\Tom\Desktop\Year-End Distributions by Fidelity Mutual Funds - Fidelity.htm
2016-12-03 20:04 - 2016-12-03 20:04 - 00000000 ____D C:\Program Files\Vitzo
2016-12-03 20:03 - 2016-12-03 20:03 - 00000000 ____D C:\Documents and Settings\Tom\Application Data\SoftCDN
2016-12-03 19:16 - 2016-12-03 19:16 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-12-03 19:16 - 2016-12-03 19:16 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-12-02 23:41 - 2016-12-18 17:04 - 00000000 __RSD C:\Documents and Settings\Sophia\My Documents\McAfee Vaults
2016-12-02 23:41 - 2016-12-02 23:41 - 00000000 ____D C:\Documents and Settings\Sophia\Local Settings\Application Data\McAfee File Lock
2016-12-02 23:08 - 2016-12-19 13:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2016-12-02 23:08 - 2016-12-19 13:24 - 00000000 __RSD C:\Documents and Settings\Tom\My Documents\McAfee Vaults
2016-12-02 23:08 - 2016-12-02 23:08 - 00000000 ____D C:\Documents and Settings\Tom\Local Settings\Application Data\McAfee File Lock
2016-12-02 23:08 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-12-02 23:08 - 2013-09-09 11:11 - 00066296 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2016-12-02 23:06 - 2016-12-02 23:06 - 00000000 ____D C:\Program Files\McAfee.com
2016-12-02 23:06 - 2014-06-20 11:05 - 00087520 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfendisk.sys
2016-12-02 22:59 - 2016-12-02 23:07 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-12-02 22:59 - 2014-06-20 11:13 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2016-12-02 21:02 - 2016-12-02 21:22 - 00000000 ____D C:\WINDOWS\ERDNT
2016-11-30 14:21 - 2016-11-30 14:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2016-11-30 14:20 - 2016-11-30 14:21 - 00000000 ____D C:\Program Files\iTunes
2016-11-30 14:20 - 2016-11-30 14:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2016-11-30 14:20 - 2016-11-30 14:20 - 00000000 ____D C:\Program Files\iPod
2016-11-30 14:17 - 2016-12-13 23:01 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-11-30 12:25 - 2016-11-30 12:25 - 00016789 _____ C:\Documents and Settings\Tom\My Documents\Spill Incidents Database Search.htm
2016-11-28 18:27 - 2016-11-28 18:27 - 00072204 _____ C:\Documents and Settings\Tom\My Documents\734 Park Ave Land Management Site History Report.htm
2016-11-25 23:09 - 2016-11-25 23:09 - 00569339 _____ C:\Documents and Settings\Tom\Desktop\Trump's shifting positions since U.S. election win.htm
2016-11-25 19:16 - 2016-11-25 19:16 - 00056257 _____ C:\Documents and Settings\Tom\Desktop\Trump may be setting a record for broken promises - Chicago Tribune.htm
2016-11-25 19:11 - 2016-11-25 19:14 - 00079131 _____ C:\Documents and Settings\Tom\Desktop\Breitbart slams Trump's reversal on pursuing charges against Clinton - Business Insider.htm
2016-11-25 18:03 - 2016-11-25 18:03 - 00076595 _____ C:\Documents and Settings\Tom\Desktop\Modest Price Cut Expected For Generic Version Of Cancer Pill Gleevec   Shots - Health News   NPR.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-19 20:22 - 2009-02-18 14:44 - 00000000 ____D C:\Documents and Settings\Tom\Local Settings\Temp
2016-12-19 20:20 - 2012-03-24 15:11 - 00000432 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-12-19 19:50 - 2016-02-26 14:28 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-19 17:16 - 2009-02-18 14:44 - 00000000 ___RD C:\Documents and Settings\Tom\My Documents
2016-12-19 15:50 - 2016-02-26 14:28 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-19 13:22 - 2010-09-11 17:32 - 00000000 ____D C:\MDT
2016-12-19 13:21 - 2014-03-08 11:48 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-12-19 13:21 - 2013-08-23 15:52 - 00000296 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job
2016-12-19 13:21 - 2013-08-20 16:50 - 00000282 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job
2016-12-19 13:21 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-19 13:20 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-19 13:01 - 2014-03-14 15:38 - 00032614 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-19 12:40 - 2009-06-09 12:06 - 00002497 _____ C:\Documents and Settings\Tom\Desktop\Microsoft Office Word 2003.lnk
2016-12-18 17:44 - 2013-10-13 22:42 - 00733184 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-12-18 17:44 - 2009-02-18 14:44 - 00000278 __SHC C:\Documents and Settings\Tom\ntuser.ini
2016-12-18 17:44 - 2008-07-16 17:14 - 00000178 ___SH C:\Documents and Settings\Sophia\ntuser.ini
2016-12-18 17:30 - 2008-07-16 17:14 - 00000000 ____D C:\Documents and Settings\Sophia\Local Settings\Temp
2016-12-17 16:05 - 2011-10-04 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-12-17 16:03 - 2013-08-16 17:11 - 00000638 ____C C:\WINDOWS\wininit.ini
2016-12-17 14:23 - 2008-04-02 02:28 - 00000000 ____D C:\Program Files\Java
2016-12-17 11:39 - 2008-07-16 17:14 - 00000000 ___RD C:\Documents and Settings\Sophia\My Documents
2016-12-17 11:17 - 2008-07-16 18:06 - 00002497 _____ C:\Documents and Settings\Sophia\Desktop\Microsoft Office Word 2003.lnk
2016-12-16 13:44 - 2010-12-09 10:57 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2016-12-16 11:18 - 2012-03-02 11:08 - 00000482 _____ C:\WINDOWS\Tasks\Ad-Aware Scan (adware).job
2016-12-16 10:11 - 2016-11-04 13:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-15 11:16 - 2016-11-18 14:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-14 20:36 - 2004-08-11 18:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 20:25 - 2012-03-08 11:37 - 00000000 ____D C:\Documents and Settings\Tom\Desktop\Unused Desktop Shortcuts
2016-12-14 20:02 - 2004-08-11 18:02 - 00000000 ___HD C:\WINDOWS\inf
2016-12-14 15:58 - 2013-08-23 15:52 - 00000304 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job
2016-12-13 23:35 - 2008-07-16 17:14 - 00000000 ____D C:\Documents and Settings\Sophia
2016-12-13 16:00 - 2011-09-13 22:06 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-12-13 13:13 - 2013-08-16 15:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-12-13 11:31 - 2009-02-18 14:44 - 00000000 ___RD C:\Documents and Settings\Tom\My Documents\My Music
2016-12-12 20:59 - 2014-08-17 19:15 - 00000000 ____D C:\Documents and Settings\Tom\Local Settings\Application Data\Adobe
2016-12-12 20:54 - 2012-01-12 10:42 - 00000000 ____D C:\Program Files\Adobe
2016-12-12 20:23 - 2004-08-11 18:00 - 00000704 _____ C:\WINDOWS\win.ini
2016-12-12 18:04 - 2008-04-02 02:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-12-11 15:32 - 2013-08-23 15:52 - 00000322 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job
2016-12-08 15:00 - 2014-03-08 11:48 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-12-04 17:10 - 2008-07-16 17:14 - 00000000 ____D C:\Documents and Settings\Sophia\Local Settings\Application Data\Google
2016-12-03 21:26 - 2009-02-18 14:44 - 00000000 ___RD C:\Documents and Settings\Tom\My Documents\My Pictures
2016-12-03 19:37 - 2014-10-29 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2016-12-03 19:37 - 2004-08-11 18:13 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-12-03 19:34 - 2009-02-18 14:44 - 00001599 ____C C:\Documents and Settings\Tom\Start Menu\Programs\Remote Assistance.lnk
2016-12-03 19:34 - 2004-08-11 18:15 - 00001563 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2016-12-03 19:34 - 2004-08-11 18:15 - 00001507 ____C C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2016-12-03 19:16 - 2008-04-02 02:33 - 00000000 ____D C:\Program Files\Google
2016-12-03 11:55 - 2014-01-07 19:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2016-12-02 23:59 - 2012-03-24 15:11 - 00000564 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-12-02 23:08 - 2014-01-07 20:12 - 00000000 ____D C:\Program Files\McAfee
2016-12-02 19:06 - 2013-11-08 16:57 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-30 14:37 - 2016-02-07 19:12 - 00005991 _____ C:\Documents and Settings\Sophia\My Documents\winmail.dat
2016-11-30 14:20 - 2016-11-18 21:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-11-30 14:20 - 2014-03-12 16:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-30 14:17 - 2015-06-17 15:14 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2016-11-30 14:17 - 2014-03-12 16:59 - 00000000 ____D C:\Program Files\Apple Software Update
2016-11-28 15:14 - 2013-06-13 17:20 - 00000000 ____D C:\Program Files\REALTEK
2016-11-28 15:13 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\system
2016-11-28 14:37 - 2012-08-28 18:10 - 00000476 _____ C:\WINDOWS\RTacDbg.txt

==================== Files in the root of some directories =======

2010-05-02 21:21 - 2010-06-04 09:16 - 0000324 ____C () C:\Documents and Settings\Tom\Application Data\wklnhst.dat
2011-09-26 17:54 - 2011-09-26 17:54 - 0186832 ____C () C:\Documents and Settings\Tom\Local Settings\Application Data\ars.cache
2011-09-26 17:54 - 2011-09-26 17:54 - 0235459 ____C () C:\Documents and Settings\Tom\Local Settings\Application Data\census.cache
2009-07-12 17:33 - 2016-11-10 16:20 - 0014336 ____C () C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-31 10:42 - 2012-08-31 10:42 - 0027520 ____C () C:\Documents and Settings\Tom\Local Settings\Application Data\dt.dat
2011-09-26 17:41 - 2011-09-26 17:41 - 0000036 ____C () C:\Documents and Settings\Tom\Local Settings\Application Data\housecall.guid.cache
2014-03-13 17:54 - 2014-02-19 16:21 - 0009216 _____ () C:\Documents and Settings\Tom\Local Settings\Application Data\Z@!-42106210-c200-42c3-9981-052cbdc5ee8f.tmp
2015-06-22 17:01 - 2015-06-22 17:01 - 0001750 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\Tom\Local Settings\Temp\HitmanPro.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by Tom (19-12-2016 20:23:26)
Running from C:\Documents and Settings\Tom\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-07-16 22:14:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1067086409-1153305329-3553435028-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1067086409-1153305329-3553435028-1008 - Limited - Enabled)
Guest (S-1-5-21-1067086409-1153305329-3553435028-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1067086409-1153305329-3553435028-1004 - Limited - Disabled)
Sophia (S-1-5-21-1067086409-1153305329-3553435028-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sophia
SUPPORT_388945a0 (S-1-5-21-1067086409-1153305329-3553435028-1002 - Limited - Disabled)
Tom (S-1-5-21-1067086409-1153305329-3553435028-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM\...\{58E533B1-9B29-432D-BB38-25B489C1D53B}) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\{D633DF27-FC9E-4FDA-A158-CB36AE83671D}) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Toolbar  (HKLM\...\AOL Toolbar) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Canon MP210 series User Registration (HKLM\...\Canon MP210 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.23 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
Games, Music, & Photos Launcher (Version: 1.00.0000 - Dell Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
McAfee All Access – Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}) (Version: 1.0.17.2 - )
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Scan (adware).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1067086409-1153305329-3553435028-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RegGenie Scheduler.job => C:\Program Files\RegGenie\RegGenieScheduler.exe
Task: C:\WINDOWS\Tasks\RegGenie v3.0 - Step 1.job => C:\Program Files\RegGenie\RegGenieOnReboot.exe
Task: C:\WINDOWS\Tasks\RegGenie v3.0 - Step 2.job => C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center
PC-Doctor

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Tom\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-12 10:34 - 2014-08-12 10:34 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2006-10-23 14:04 - 2006-10-23 14:04 - 00001536 _____ () c:\program files\common files\aol\1207122118\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
2004-08-11 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2016-12-14 20:09 - 2016-12-14 20:09 - 19761240 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7919 more sites.

IE trusted site: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\...\dell.com -> dell.com

There are 7921 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2016-12-13 13:44 - 00453440 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

There are 15563 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOLDialer => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1207122118\ee\AOLSoftware.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe] => Enabled:CyberLink PowerDVD DX
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] => Enabled:CyberLink PowerDVD DX Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe] => Enabled:CyberLink PowerDVD DX
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] => Enabled:CyberLink PowerDVD DX Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe] => Enabled:AOLTsMon
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe] => Enabled:AOLTopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1207122118\EE\AOLServiceHost.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1207122118\EE\aolsoftware.exe] => Enabled:AOL Shared Components
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL 9.1\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe] => Enabled:Render Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe] => Enabled:umi
StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe] => Enabled:Pinnacle VideoSpin
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\fxsclnt.exe] => Enabled:Microsoft  Fax Console
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG10\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe] => Enabled:McAfee
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.8.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [3418:UDP] => Enabled:Windows Media Format SDK (iexplore.exe)
StandardProfile\GloballyOpenPorts: [3419:UDP] => Enabled:Windows Media Format SDK (iexplore.exe)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

21-09-2016 16:00:37 McAfee Vulnerability Scanner
22-09-2016 16:12:23 System Checkpoint
23-09-2016 18:00:21 System Checkpoint
25-09-2016 12:35:22 System Checkpoint
26-09-2016 13:17:00 System Checkpoint
27-09-2016 13:29:59 System Checkpoint
28-09-2016 16:26:53 System Checkpoint
29-09-2016 16:43:47 System Checkpoint
01-10-2016 09:18:46 System Checkpoint
02-10-2016 12:07:42 System Checkpoint
03-10-2016 12:56:28 System Checkpoint
04-10-2016 13:13:46 System Checkpoint
05-10-2016 12:40:56 McAfee Vulnerability Scanner
06-10-2016 12:46:52 System Checkpoint
07-10-2016 13:40:32 System Checkpoint
09-10-2016 12:39:55 System Checkpoint
10-10-2016 16:01:44 System Checkpoint
11-10-2016 16:37:30 System Checkpoint
12-10-2016 09:58:20 Software Distribution Service 3.0
13-10-2016 11:03:55 System Checkpoint
14-10-2016 15:02:54 System Checkpoint
15-10-2016 17:50:51 System Checkpoint
17-10-2016 11:12:37 System Checkpoint
19-10-2016 11:10:15 System Checkpoint
20-10-2016 11:12:49 System Checkpoint
21-10-2016 14:47:31 System Checkpoint
22-10-2016 14:51:26 System Checkpoint
23-10-2016 17:35:50 System Checkpoint
24-10-2016 17:53:34 System Checkpoint
25-10-2016 18:29:05 System Checkpoint
26-10-2016 15:46:28 McAfee Vulnerability Scanner
27-10-2016 16:34:06 System Checkpoint
28-10-2016 17:17:47 System Checkpoint
30-10-2016 10:42:11 System Checkpoint
31-10-2016 11:12:51 System Checkpoint
01-11-2016 16:21:35 System Checkpoint
02-11-2016 17:04:28 System Checkpoint
02-11-2016 18:25:53 McAfee Vulnerability Scanner
03-11-2016 22:54:54 System Checkpoint
04-11-2016 13:40:08 Restore Operation
04-11-2016 15:35:50 McAfee Vulnerability Scanner
05-11-2016 16:18:24 System Checkpoint
06-11-2016 21:15:33 System Checkpoint
07-11-2016 21:51:51 System Checkpoint
09-11-2016 11:55:58 System Checkpoint
09-11-2016 13:39:42 McAfee Vulnerability Scanner
09-11-2016 13:42:07 Software Distribution Service 3.0
10-11-2016 15:03:33 System Checkpoint
11-11-2016 16:45:32 System Checkpoint
12-11-2016 16:53:08 System Checkpoint
13-11-2016 17:11:00 System Checkpoint
14-11-2016 19:25:28 System Checkpoint
16-11-2016 13:05:05 System Checkpoint
16-11-2016 15:10:37 McAfee Vulnerability Scanner
17-11-2016 16:56:10 System Checkpoint
18-11-2016 19:47:24 System Checkpoint
18-11-2016 21:34:37 Installed iTunes
20-11-2016 12:52:08 System Checkpoint
21-11-2016 16:08:16 System Checkpoint
22-11-2016 16:48:05 System Checkpoint
23-11-2016 15:15:15 McAfee Vulnerability Scanner
24-11-2016 15:24:14 System Checkpoint
25-11-2016 15:35:38 System Checkpoint
26-11-2016 17:18:06 System Checkpoint
27-11-2016 17:38:06 System Checkpoint
28-11-2016 18:00:26 System Checkpoint
29-11-2016 19:27:53 System Checkpoint
30-11-2016 13:52:09 McAfee Vulnerability Scanner
30-11-2016 14:18:23 Installed iTunes
01-12-2016 14:50:25 System Checkpoint
02-12-2016 23:27:47 System Checkpoint
04-12-2016 15:32:48 System Checkpoint
05-12-2016 16:21:33 System Checkpoint
06-12-2016 11:37:06 Software Distribution Service 3.0
07-12-2016 13:22:40 System Checkpoint
08-12-2016 13:35:04 System Checkpoint
09-12-2016 13:51:34 System Checkpoint
10-12-2016 13:55:19 System Checkpoint
11-12-2016 18:31:26 System Checkpoint
12-12-2016 18:04:00 Removed Adobe Reader XI (11.0.10).
13-12-2016 15:21:20 Software Distribution Service 3.0
14-12-2016 18:07:24 System Checkpoint
14-12-2016 19:57:55 Checkpoint by HitmanPro
14-12-2016 19:58:33 Checkpoint by HitmanPro
16-12-2016 16:56:12 System Checkpoint
18-12-2016 13:11:45 System Checkpoint
19-12-2016 14:09:07 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2016 06:25:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8411.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/18/2016 05:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application aolbrowser.exe, version 0.7.42.1, faulting module unknown, version 0.0.0.0, fault address 0x06d89f28.
Processing media-specific event for [aolbrowser.exe!ws!]

Error: (12/17/2016 02:31:45 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Apple Application Support (32-bit) -- Apple Application Support (32-bit) requires that your computer is running Windows 7 or newer.

Error: (12/17/2016 11:11:25 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Apple Application Support (32-bit) -- Apple Application Support (32-bit) requires that your computer is running Windows 7 or newer.

Error: (12/16/2016 04:20:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Apple Application Support (32-bit) -- Apple Application Support (32-bit) requires that your computer is running Windows 7 or newer.

Error: (12/16/2016 03:12:39 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 1257041973.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/16/2016 03:12:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst(4).exe, version 7.12.2016.0, faulting module frst(4).exe, version 7.12.2016.0, fault address 0x000211de.
Processing media-specific event for [frst(4).exe!ws!]

Error: (12/16/2016 12:46:03 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 1249253547.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/16/2016 12:45:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 50.1.0.6186, faulting module mozglue.dll, version 50.1.0.6186, fault address 0x0000ec79.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/16/2016 11:46:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Apple Application Support (32-bit) -- Apple Application Support (32-bit) requires that your computer is running Windows 7 or newer.


System errors:
=============
Error: (12/19/2016 01:23:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (12/19/2016 01:22:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver
Lbd
SBRE

Error: (12/19/2016 01:22:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/19/2016 01:22:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek EAPPkt Protocol service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/19/2016 11:24:55 AM) (Source: DCOM) (EventID: 10010) (User: FAMILY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (12/19/2016 10:59:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver
Lbd
SBRE

Error: (12/19/2016 10:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/19/2016 10:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek EAPPkt Protocol service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/18/2016 05:10:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (12/18/2016 05:08:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} did not register with DCOM within the required timeout.

 
 
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3317.1 MB
Available physical RAM: 1911.17 MB
Total Virtual: 5200.03 MB
Available Virtual: 3967.99 MB

==================== Drives ================================
 
 
 
Drive c: () (Fixed) (Total:229.47 GB) (Free:179.26 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=229.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.3 GB) - (Type=DB)

==================== End of Addition.txt ============================



#4 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:11:41 AM

Posted 20 December 2016 - 02:52 PM

Sorry for the wait. I'm researching your logs. This will take a bit of time. In the meanwhile, keep in mind the following:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. In the interest of full disclosure I am still a student, and therefore anything I propose must be cleared with an instructor, which may sometimes delay my responses. The upside to this is you'll have two heads looking into your problem.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
To err is Human. To blame it on someone else is even more Human.

#5 tomcal25


Posted 20 December 2016 - 06:05 PM

OK. I understand completely. Thanks for helping me.



#6 tomcal25


Posted 21 December 2016 - 09:15 PM

Hi Jazz Fan.   I've been using my computer heavily today and guess what... No re-directs or pop-up all day.

 

I don't get it. Read somewhere that this doesn't mean it's gone. May come back. As mentioned, I ran Malwarebytes, Adware cleaner, Hitman, Spybot, McAfee and some others before your first reply, but I still had same issues. I've run no detector/cleaners or changed anything since last logs I sent yesterday, as you suggested.

 

Other thought, I've been using YTD Download and CDBurnerXP a lot in the last three weeks. Both said to updated versions, which I did. Searching on internet revealed YTD downloader is loaded with malware and CDBurnerXP is almost as bad. I opted out of everything I could, but in reading, some of this malware gets loaded anyway.

 

Don't know if both of these programs are the problem or not. Think you should continue checking  logs anyway.  Thanks.

 

BTW... I enjoy all types of music. Jazz is one of my favorites.



#7 Bezukhov


Posted 21 December 2016 - 10:35 PM

Thanks for the news. For my next post I can suggest something to remove those programs, if you wish. Plus, there are a few files I need a closer look at. Should have something by tomorrow. 

 

ETA: I'm not seeing anything in your logs about YTD Download or CDBurnerXP. Did you remove them already?


Edited by Bezukhov, 22 December 2016 - 10:46 AM.


#8 tomcal25


Posted 22 December 2016 - 11:30 AM

Yes, I removed them both.



#9 Bezukhov


Posted 22 December 2016 - 03:32 PM

Yes, I removed them both.


OK.

Let's take care of some other business.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt. Save it in the same place as FRST64.exe.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
File: C:\DOCUME~1\Tom\LOCALS~1\Temp\{46DF20AF-4B4C-4DBB-9D32-3EFAF27B830D}\SMSetup.exe
File: C:\Documents and Settings\Tom\Local Settings\Application Data\Z@!-42106210-c200-42c3-9981-052cbdc5ee8f.tmp
Folder: C:\MDT
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {02DF5CD1-AFBF-44AF-BB18-62DDF87121A2} -  No File
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
S2 EAPPkt; system32\DRIVERS\EAPPkt.sys [X]
S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
U0 mfewfpk; no ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S2 StarOpen; no ImagePath
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
So for your next post the results of fixlist.txt, and tell me how your computer is doing.

#10 tomcal25


Posted 22 December 2016 - 05:01 PM

OK, I think I did this correctly. Firefox downloads into "MyDocuments\Downloads". I put fixlist.txt in the same place.

Computer seems to be running well. No redirects or pop-ups. I have not restarted computer after following the above instruction and sending this reply.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by Tom (22-12-2016 16:32:41) Run:1
Running from C:\Documents and Settings\Tom\My Documents\Downloads
Loaded Profiles: Tom (Available Profiles: Sophia & Tom & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
File: C:\DOCUME~1\Tom\LOCALS~1\Temp\{46DF20AF-4B4C-4DBB-9D32-3EFAF27B830D}\SMSetup.exe
File: C:\Documents and Settings\Tom\Local Settings\Application Data\Z@!-42106210-c200-42c3-9981-052cbdc5ee8f.tmp
Folder: C:\MDT
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1067086409-1153305329-3553435028-1006 -> No Name - {02DF5CD1-AFBF-44AF-BB18-62DDF87121A2} -  No File
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
S2 EAPPkt; system32\DRIVERS\EAPPkt.sys [X]
S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
U0 mfewfpk; no ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S2 StarOpen; no ImagePath
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
*****************


========================= File: C:\DOCUME~1\Tom\LOCALS~1\Temp\{46DF20AF-4B4C-4DBB-9D32-3EFAF27B830D}\SMSetup.exe ========================

"C:\DOCUME~1\Tom\LOCALS~1\Temp\{46DF20AF-4B4C-4DBB-9D32-3EFAF27B830D}\SMSetup.exe" => not found.
====== End of File: ======


========================= File: C:\Documents and Settings\Tom\Local Settings\Application Data\Z@!-42106210-c200-42c3-9981-052cbdc5ee8f.tmp ========================

File not signed
MD5: 7A292A9AD7B55414C773AF4BC4CC6697
Creation and modification date: 2014-03-13 17:54 - 2014-02-19 16:21
Size: 0009216
Attributes: ----A
Company Name:
Internal Name: nstvhook
Original Name: nstvhook.dll
Product: Bomgar
Description: Bomgar Support Client Utilities
File Version: 10, 1, 0, 0
Product Version: 10, 1, 0, 0
Copyright: Copyright © 2002-2011 Bomgar Corporation

====== End of File: ======


========================= Folder: C:\MDT ========================

2010-09-11 17:32 - 2015-08-26 21:36 - 0001141 ____C () C:\MDT\MSetting.ini
2010-09-12 11:02 - 2016-12-22 10:58 - 0000091 _____ () C:\MDT\path.ini
2010-09-11 17:32 - 2015-08-26 21:36 - 0006678 ____C () C:\MDT\Setting.ini

====== End of Folder: ======

HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value removed successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => key not found.
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1067086409-1153305329-3553435028-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{02DF5CD1-AFBF-44AF-BB18-62DDF87121A2} => value removed successfully.
HKCR\CLSID\{02DF5CD1-AFBF-44AF-BB18-62DDF87121A2} => key not found.
sprtsvc_dellsupportcenter => service removed successfully.
AFGMp50 => service removed successfully.
AFGSp50 => service removed successfully.
EAPPkt => service removed successfully.
ESProtectionDriver => service removed successfully.
Lbd => service removed successfully.
MBAMProtection => service removed successfully.
mfewfpk => service could not remove
SBRE => service removed successfully.
StarOpen => service removed successfully.
sxuptp => service removed successfully.
SymIM => service removed successfully.
SymIMMP => service removed successfully.
USBAAPL => service removed successfully.

==== End of Fixlog 16:32:42 ====



#11 Bezukhov


Posted 23 December 2016 - 10:08 PM

There are still a couple of files that need a closer look.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:file
C:\MDT\MSetting.ini
C:\MDT\path.ini
C:\MDT\Setting.ini
:contents
C:\MDT\MSetting.ini
C:\MDT\path.ini
C:\MDT\Setting.ini

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Now another scan to check your security situation:

Download Security Check from here or here and save it to your Desktop.

  • Double-click Security Check.exe
  • Follow the onscreen instructions inside of the black box.
  • Notepad document should open automatically called checkup.txt; please post the contents of that document.

So next is to post SystemLook.txt and Checkup.txt. If that SystemLook.txt report is too big to post, go ahead and attach it.



#12 tomcal25


Posted 23 December 2016 - 11:10 PM

Here they both are;

 

SystemLook 30.07.11 by jpshortstuff
Log created at 22:56 on 23/12/2016 by Tom
Administrator - Elevation successful

========== file ==========

C:\MDT\MSetting.ini - File found and opened.
MD5: B156A2BB336FF365DA758F6F63DD6281
Created at 22:32 on 11/09/2010
Modified at 02:36 on 27/08/2015
Size: 1141 bytes
Attributes: --a--c-
No version information available.

C:\MDT\path.ini - File found and opened.
MD5: 0AA90E7072A1387EBA10F1EC82227525
Created at 16:02 on 12/09/2010
Modified at 17:51 on 23/12/2016
Size: 91 bytes
Attributes: --a----
No version information available.

C:\MDT\Setting.ini - File found and opened.
MD5: 9E9BBFE2F8CDBDD7896C7A2CFA2B3EA2
Created at 22:32 on 11/09/2010
Modified at 02:36 on 27/08/2015
Size: 6678 bytes
Attributes: --a--c-
No version information available.

========== contents ==========

C:\MDT\MSetting.ini - Opened succesfully.

[Movie Setting]
setting_regioncodevalue = 1
setting_langaudiovalue = 0
default_regioncodevalue = 1
setting_muteactionvalue = 0
default_outputtype = 1
dka_day_mod = -1
stop_on_topmenu_idle = True
enable_dxva = True
default_subtitlevalue = 0
default_outputvalue = 3
default_dynarangevalue = 1
setting_profilevalue = 2
setting_networkspeedvalue = 0
lastbigbangdate = 732029
enable_bddvd = True
default_captionvalue = 0
setting_dynarangevalue = 1
setting_colorprofile = 4
default_videorender = Overlay
enable_bdcopp = True
setting_expandvalue = 1
warnondvdempty = 1
enable_dxva_bd_vista = True
setting_outputtypevalue = 1
setting_captionvalue = 0
dka_first = True
setting_outputvalue = 3
setting_colorprofilevalue = 4
setting_persistentstoragevalue =
enable_dxva_vista = False
default_langaudiovalue = 0
default_networkspeedvalue = 0
default_screenratio = 0
default_muteactionvalue = 0
default_colorprofile = 4
setting_subtitlevalue = 0
default_profilevalue = 2
setting_snapshotpath = Movie Snapshot
enable_dxva_bd = True
setting_outputtype = 1
default_videorender_vista = VMR9
enable_hddvd = False



C:\MDT\path.ini - Opened succesfully.

[Path]
MyDocument=My Documents
MyMusic=My Music
MyVideo=My Videos
MyPhoto=My Pictures


C:\MDT\Setting.ini - Opened succesfully.

[RENDER]
fullscreen = False
vmrrenderlessmode = True
gdifps = 5
defaultuseexclusive = True
render3d = rdmsdx7
fps = 60
useanim = False
render2d = rdgdi
renderer = 2D

[RecentVideoPos]

[Tip]
tooltipdelay = 1.5
enableosd = True
osdtimeout = 5
enabletooltip = True

[Default Folder]
video = VC:\u005cDocuments and Settings\u005cTom\u005cMy Documents\u005cMy Videos
presentation = VC:\u005cDocuments and Settings\u005cTom\u005cMy Documents
photo = VC:\u005cDocuments and Settings\u005cTom\u005cMy Documents\u005cMy Pictures

[Setting]
setup = 0
setupwizard = [('Welcome', 0), ('Update', 0), ('DisplayType', 0), ('AudioOuput', 0), TV_SECTION RADIO_SECTION ('MusicSearch', 7004), ('Register', 0), ('Password', 0), ('CreatePassword', 0),  ('Thanks', 0)]

[Entry List]
music = ['MoreMusic', 'AudioCD', 'MyMusic', 'SharedMusic', 'Removable Drive', 'DataCD', 'Fixed Drive', 'Remote Drive']
tv = ['MyVideo', 'Fixed Drive']
photo = ['MorePicture', 'MyPicture', 'SharedPicture', 'Removable Drive', 'DataCD', 'Fixed Drive', 'Remote Drive']
local_drive = ['MyMusic', 'SharedMusic', 'Fixed Drive']
video = ['MoreVideo', 'MyVideo', 'SharedVideo', 'Removable Drive', 'DataCD', 'Fixed Drive', 'Remote Drive']
ppt = ['MoreDocument', 'MyDocument', 'SharedDocument', 'Removable Drive', 'DataCD', 'Fixed Drive', 'Remote Drive']
audio = ['AudioCD', 'MyMusic', 'SharedMusic', 'Removable Drive', 'DataCD', 'Fixed Drive', 'Remote Drive']

[PCM]
standalongtvplugin = False
language_debug = False
langsyncwithos = True
language = ENU

[Optimal]
enable = False

[Update]
serverurl = http://www.cyberlink.com/oem/dell/powerdvd/enu/upgrade.jsp

[DEFAULT FOLDER]
video =
photo =
presentation =

[VIDEO]
default_record_quality = Best
thumbnailstyle = True
default_videorender_vista = VMR9
videoplayer = CLPLAYER
setting_recordfilepath =
enablecommercialskip = False
setting_record_quality = Best
claudts_strategy = CLAUTS_ALWAYS
default_playwithsubfolder = False
enablecommercialcut = False
default_videorender = VMR7
default_recordfilepath =

[Music Setting]
default_rippingdestination =
default_isplaysubfolder = False
default_mymusicdestination =
default_visualization = Random
enabledefaultfolder = False
default_rippingformat = WMA_64K

[RecentVideo]

[AutoDetect]
min_lp_vram = 32
must_use_ac = True
min_hp_cpu = 1000
min_hp_vram = 64

[PowerManagement]
stopplaybackasstandy = True
disablemanualstandbyasplayback = False

[THEME]
skin = Dark-Blue

[ANIMATION]
use_dialog_anim = True

[MUSIC]
artistalbumbrowsing = False
popwmplayersleepmessage = True
visualizationfullscreen = True
trackdurationvisible = True
thumbnailbrowsing = True
usingrippingindex = False
skipmusicfolderfound = 7
skipmusicfilesize = 0
enabledefaultfolder = False
stopplaybackwhenripping = True
visualizationviewport = False

[MD3 Patch]
patchfolderpath = Dell\MediaDirect

[Video Setting]
setting_snapshotpath = Video Snapshot
showemptyvideostream = True
resume_video = True

[AUDIO]
mutewithwaveout = True
decode_cap_count = 2

[Root]
__default = ['Movie', 'Music']
enableplugin = True
generalsetting = {"Movie":"TRUE", "Photo":"TRUE", "Video":"TRUE", "Radio":"TRUE", "TV":"TRUE", "Music":"TRUE", "EFZone":"TRUE", "Office":"TRUE"}
help = 4
office = 2
settings = 5
photo = 1
update = 3
use_logo = True
exit = 6
music = 9
video = 8
movie = 7

[Help]
modulelist = {"Intro.xml":0, "Movie.xml":7001, "Video.xml":7002, "Photo.xml":7003, "Music.xml":7004, "TV.xml":7005, "Radio.xml":7006, "Extra.xml":7007, "MakeDVD.xml":7010, "EditMovie.xml":7014, "Office.xml":7019}
sortlist = ["Intro.xml", "Movie.xml", "Video.xml", "Photo.xml", "Music.xml", "Office.xml", "TV.xml", "Radio.xml", "MakeDVD.xml", "EditMovie.xml"]

[Office]
outlook_grab = 1
contacts_source = Outlook Express
default_enable_office = True
default_contacts_source = Outlook Express
default_contacts_sortby = FirstName
contacts_sortby = FirstName
enable_office = True

[EXTRA]
a software update is now available. = -1
serverurl = http://liveupdate.gocyberlink.com/ipublish/dmx/dmx_page.jsp?PROD=%s&VERSION=%s&LANG=%s&CONTENT=%d&CUSTOMER=%s&BUILD=%s&VERSIONTYPE=%s&CLJ=%d
clprodkeylist = []
enableclproductbykey = True
enablegame = True

[PHOTO]
default_2deffect = Random
thumbdb_version = 001
traditionalbufferwidth = 1024
setting_slide_show_music =
setting_slideduration = 3
default_3deffect = Motion
defaultfolder =
default_slidewithsubfolder = False
traditionalbufferhigh = 768
enable_auto_rotate = True
default_slideduration = 3
maxsizepreviewhttpfile = 4194304
enableviewport = False
setting_slidewithsubfolder = False
setting_effect = Motion
default_slide_show_music =

[Network Media]
default_share_tv = False
upnprefreshmediasvr = False
upnpcreatelpcmfile = False
default_share_music = False
upnpcheckfiletype = False
default_share_video = False
default_share_photo = False
default_share_radio = False

[Misc]
maxrecentcount = 20
stopfirstplayingdisc = False
bdfile =
setting_play_info_duration = 4
enableclvfd = False
minimizeaslauncher = False
rc_channel_min = 1
enablenvfsmmode = False
enabledigitletter = True
rc_id = 2
rc_channel_max = 16
dialogtimeout = 30
clock_precision = Second
rc_channel = 1
enabledatacd = True
rc_type = Default
registered = False
passwordattempcount = 5
enablercchannelselectinsetting = False
usenonrectangularregion = 1
enablemediastation = False
enable2d3dswitch = False

[WINDOW]
aot_left = -1
captionbar = False
top = 100
widescreen = False
height = 599
width = 800
aot_width = 0
aot_top = -1
aot_height = 0
left = 100

[Media Format]
music = ['.WAV', '.MP3', '.WMA', '.ASF']
movie_hddvd = ['DISC HDDVD', 'DISC HDDVD_VC1', 'DISC HDDVD_MPG2', 'DISC HDDVD_H264', 'DISC HDDVD_REVOKE']
photo = ['.BMP', '.JPG', '.JPEG', '.PNG']
pptview = ['.PPT', '.POT', '.PPS']
video = ['.MPEG2', '.MPG2', '.AVI', '.ASF', '.MPG', '.MPE', '.MPEG', '.WMV', '.DVR-MS']
movie_bd = ['DISC BDROM','DISC BDRE']
movie = ['DISC DVD_VIDEO', 'DISC VCD10', 'DISC VCD11', 'DISC VCD20', 'DISC SVCD', 'DISC DVD_VR', 'DISC DVD_PVR', 'DISC DVD_AUDIO']
audio = ['.WAV', '.MP3', '.WMA', '.ASF']

[Movie Setting]
warnondvdempty = 1
default_muteactionvalue = 0
enable_dxva = True
setting_profilevalue = 2
setting_outputvalue = 3
showviewport = False
default_colorprofile = 0
default_profilevalue = 2
enable_copp = False
default_outputtype = 0
setting_snapshotpath = Movie Snapshot
default_langaudiovalue = 0
default_captionvalue = 0
default_subtitlevalue = 0
default_outputvalue = 3

[MOREPROGRAMS]
postalcode =



-= EOF =-

 

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Java 8 Update 111  
 Java version 32-bit out of Date!
 Adobe Flash Player     24.0.0.186  
 Adobe Reader XI  
 Mozilla Firefox (50.1.0)
 Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#13 tomcal25


Posted 23 December 2016 - 11:16 PM

I will be off-line Saturday and Sunday.

 

Enjoy the Weekend. See you Monday.

 

Thanks for your continued help.



#14 Bezukhov


Posted 27 December 2016 - 07:19 PM

I hope you had a pleasant holiday.

One more scan, as a second opinion.

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the esetimage.png you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the shieldstart.png button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: start.png
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click back.png, then click finish.png to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!


So let me know if ESET found anything.
To err is Human. To blame it on someone else is even more Human.

#15 tomcal25


Posted 28 December 2016 - 05:54 PM

Hi, Thanks. Christmas was good.

 

I downloaded ESET, but the screens look nothing like what you described. Had to enter personal information to get a key to start "Free for 30 days" program. There was no "Advanced Settings" button, I set the parameters as best as I could and ran the scan. It ran two scans simultaneously, "Initial scan" and "Computer scan".

 

Two hours and a few minutes later the scans finished. It cleaned two items. There are no "List found threats" or "Export" functions at end of scan.

 

I copied and pasted this from "Warning Threats Found" screen.

 

C:\Documents and Settings\Administrator\Desktop\LVR programs\ccsetup411pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    Clean
C:\Documents and Settings\Administrator\Desktop\Tools\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    Clean
C:\Documents and Settings\Administrator\Desktop\Tools\dfsetup217.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    Clean
C:\Documents and Settings\Tom\My Documents\Downloads\cdbxp_setup_4.5.5.5790(1).exe    a variant of Win32/OpenCandy.A potentially unsafe application    Clean
C:\Documents and Settings\Tom\My Documents\Downloads\cdbxp_setup_4.5.5.5790.exe    a variant of Win32/OpenCandy.A potentially unsafe application    Clean
C:\Documents and Settings\Tom\My Documents\Downloads\cdbxp_setup_4.5.7.6321.exe    a variant of Win32/FusionCore.I potentially unwanted application    Clean
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2336\A0808392.exe    a variant of Win32/Spigot.B potentially unwanted application    Clean
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2357\A0810497.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    Clean

 

It then asks what you want to do. I selected "No Action" so you could look at this first.

 

Let me know what you think. Thanks.





